
Windows Analysis Report
file.exe

Overview

General Information

Sample name:file.exe
Analysis ID:1559009
MD5:5ddbda8baef12cdd69941b253fee8aec
SHA1:57e7be2b1a5a94a521da718c857cc47de4ca51de
SHA256:eb24498db31fab6a17b5b5c1eee0e87f46c324b74edc6b76db8ed4c0c66dcdd8
Tags:exeuser-Bitsight

Detection

Credential Flusher
Score:72
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Multi AV Scanner detection for submitted file
Yara detected Credential Flusher
AI detected suspicious sample
Binary is likely a compiled AutoIt script file
Found API chain indicative of sandbox detection
Machine Learning detection for sample
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Connects to many different domains
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to block mouse and keyboard input (often used to hinder debugging)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to execute programs as a different user
Contains functionality to launch a process as a different user
Contains functionality to launch a program with higher privileges
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality to simulate keystroke presses
Contains functionality to simulate mouse events
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Detected potential crypto function
Drops PE files
Enables debug privileges
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
OS version to string mapping found (often used in BOTs)
PE file contains sections with non-standard names
Potential key logger detected (key state polling based)
Sample execution stops while process was sleeping (likely an evasion)
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Uses taskkill to terminate processes

Classification

  • System is w10x64
  • file.exe (PID: 7468 cmdline: "C:\Users\user\Desktop\file.exe" MD5: 5DDBDA8BAEF12CDD69941B253FEE8AEC)
    • taskkill.exe (PID: 7484 cmdline: taskkill /F /IM firefox.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 7492 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • conhost.exe (PID: 7628 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • taskkill.exe (PID: 7592 cmdline: taskkill /F /IM chrome.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 7600 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • taskkill.exe (PID: 7648 cmdline: taskkill /F /IM msedge.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 7656 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • taskkill.exe (PID: 7712 cmdline: taskkill /F /IM opera.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 7720 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • taskkill.exe (PID: 7776 cmdline: taskkill /F /IM brave.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 7784 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • firefox.exe (PID: 7844 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • firefox.exe (PID: 7876 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking --attempting-deelevation MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
    • firefox.exe (PID: 7892 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
      • firefox.exe (PID: 8132 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2296 -parentBuildID 20230927232528 -prefsHandle 2240 -prefMapHandle 2232 -prefsLen 25359 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e6cc69c0-1ab8-4949-9139-8146a8543006} 7892 "\\.\pipe\gecko-crash-server-pipe.7892" 1fefea6f510 socket MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
      • firefox.exe (PID: 7664 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3636 -parentBuildID 20230927232528 -prefsHandle 3344 -prefMapHandle 3692 -prefsLen 26208 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cecf5438-3921-42a8-b85b-1ccda718867a} 7892 "\\.\pipe\gecko-crash-server-pipe.7892" 1fe8e5f4b10 rdd MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
      • firefox.exe (PID: 7592 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4684 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 4984 -prefMapHandle 4988 -prefsLen 33185 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {40f98a07-c25a-448b-9186-f75ef4ee275c} 7892 "\\.\pipe\gecko-crash-server-pipe.7892" 1fefea73710 utility MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • cleanup
No configs have been found
Source: Process Memory Space: file.exe PID: 7468
Rule: JoeSecurity_CredentialFlusher
Description: Yara detected Credential Flusher
Author: Joe Security
    No Sigma rule has matched
    No Suricata rule has matched


    AV Detection

    Source: file.exe Virustotal: Detection: 36%
    Source: Submitted Sample Integrated Neural Analysis Model: Matched 99.4% probability
    Source: file.exe Joe Sandbox ML: detected
    Source: file.exe Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_001DDBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,0_2_001DDBBE
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_001E68EE FindFirstFileW,FindClose,0_2_001E68EE
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_001E698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime,0_2_001E698F
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_001DD076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_001DD076
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_001DD3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_001DD3A9
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_001E9642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_001E9642
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_001E979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_001E979D
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_001E9B2B FindFirstFileW,Sleep,FindNextFileW,FindClose,0_2_001E9B2B
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_001E5C97 FindFirstFileW,FindNextFileW,FindClose,0_2_001E5C97
    Source: firefox.exe Memory has grown: Private usage: 1MB later: 218MB
    Source: unknown Network traffic detected: DNS query count 31
    Source: Joe Sandbox View IP Address: 151.101.1.91
    Source: Joe Sandbox View IP Address: 34.149.100.209
    Source: Joe Sandbox View IP Address: 34.117.188.166
    Source: Joe Sandbox View IP Address: 34.160.144.191
    Source: Joe Sandbox View JA3 fingerprint: fb0aa01abe9d8e4037eb3473ca6e2dca
    Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_001ECE44 InternetReadFile,SetEvent,GetLastError,SetEvent,0_2_001ECE44
    Source: global traffic HTTP traffic detected:
        GET /canonical.html HTTP/1.1
        Host: detectportal.firefox.com
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
        Accept: */*
        Accept-Language: en-US,en;q=0.5
        Accept-Encoding: gzip, deflate
        Cache-Control: no-cache
        Pragma: no-cache
        Connection: keep-alive
    Source: global traffic HTTP traffic detected:
        GET /success.txt?ipv4 HTTP/1.1
        Host: detectportal.firefox.com
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
        Accept: */*
        Accept-Language: en-US,en;q=0.5
        Accept-Encoding: gzip, deflate
        Connection: keep-alive
        Pragma: no-cache
        Cache-Control: no-cache
    Source: global traffic | DNS traffic detected: DNS query: prod.classify-client.prod.webservices.mozgcp.net
    Source: global traffic | DNS traffic detected: DNS query: detectportal.firefox.com
    Source: global traffic | DNS traffic detected: DNS query: youtube.com
    Source: global traffic | DNS traffic detected: DNS query: prod.detectportal.prod.cloudops.mozgcp.net
    Source: global traffic | DNS traffic detected: DNS query: contile.services.mozilla.com
    Source: global traffic | DNS traffic detected: DNS query: spocs.getpocket.com
    Source: global traffic | DNS traffic detected: DNS query: prod.ads.prod.webservices.mozgcp.net
    Source: global traffic | DNS traffic detected: DNS query: prod.balrog.prod.cloudops.mozgcp.net
    Source: global traffic | DNS traffic detected: DNS query: content-signature-2.cdn.mozilla.net
    Source: global traffic | DNS traffic detected: DNS query: prod.content-signature-chains.prod.webservices.mozgcp.net
    Source: global traffic | DNS traffic detected: DNS query: example.org
    Source: global traffic | DNS traffic detected: DNS query: ipv4only.arpa
    Source: global traffic | DNS traffic detected: DNS query: shavar.services.mozilla.com
    Source: global traffic | DNS traffic detected: DNS query: push.services.mozilla.com
    Source: global traffic | DNS traffic detected: DNS query: support.mozilla.org
    Source: global traffic | DNS traffic detected: DNS query: us-west1.prod.sumo.prod.webservices.mozgcp.net
    Source: global traffic | DNS traffic detected: DNS query: telemetry-incoming.r53-2.services.mozilla.com
    Source: global traffic | DNS traffic detected: DNS query: firefox.settings.services.mozilla.com
    Source: global traffic | DNS traffic detected: DNS query: prod.remote-settings.prod.webservices.mozgcp.net
    Source: global traffic | DNS traffic detected: DNS query: www.youtube.com
    Source: global traffic | DNS traffic detected: DNS query: www.facebook.com
    Source: global traffic | DNS traffic detected: DNS query: www.wikipedia.org
    Source: global traffic | DNS traffic detected: DNS query: youtube-ui.l.google.com
    Source: global traffic | DNS traffic detected: DNS query: dyna.wikimedia.org
    Source: global traffic | DNS traffic detected: DNS query: star-mini.c10r.facebook.com
    Source: global traffic | DNS traffic detected: DNS query: www.reddit.com
    Source: global traffic | DNS traffic detected: DNS query: twitter.com
    Source: global traffic | DNS traffic detected: DNS query: reddit.map.fastly.net
    Source: global traffic | DNS traffic detected: DNS query: services.addons.mozilla.org
    Source: global traffic | DNS traffic detected: DNS query: normandy.cdn.mozilla.net
    Source: global traffic | DNS traffic detected: DNS query: normandy-cdn.services.mozilla.com
    Source: firefox.exe, 0000000D.00000003.1921792209.000001FEFF6AD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1901590756.000001FEFF643000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1949041195.000001FEFF6B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1930019659.000001FEFF6AD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1901590756.000001FEFF6AD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.3573557257.00000205415CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3572663833.000001FA8E4E8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3577161708.000001C6C7803000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.13.drString found in binary or memory: https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417.
    Source: firefox.exe, 0000000D.00000003.1921792209.000001FEFF6AD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1901590756.000001FEFF643000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1949041195.000001FEFF6B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1930019659.000001FEFF6AD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1901590756.000001FEFF6AD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.3573557257.00000205415CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3572663833.000001FA8E4E8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3577161708.000001C6C7803000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.13.drString found in binary or memory: https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&cta
    Source: firefox.exe, 0000000D.00000003.1925055427.000001FE9A4CA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mo
    Source: firefox.exe, 0000000D.00000003.1813105814.000001FE8F939000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1189266
    Source: firefox.exe, 0000000D.00000003.1813105814.000001FE8F939000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1193802
    Source: firefox.exe, 0000000D.00000003.1850813681.000001FE8F956000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1813105814.000001FE8F939000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1207993
    Source: firefox.exe, 0000000D.00000003.1850813681.000001FE8F956000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1813105814.000001FE8F939000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1266220
    Source: firefox.exe, 0000000D.00000003.1813105814.000001FE8F939000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1283601
    Source: firefox.exe, 0000000D.00000003.1851190227.000001FE8F95F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1813105814.000001FE8F939000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1678448
    Source: firefox.exe, 0000000D.00000003.1813105814.000001FE8F939000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=792480
    Source: firefox.exe, 0000000D.00000003.1850813681.000001FE8F956000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1813105814.000001FE8F939000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=809550
    Source: firefox.exe, 0000000D.00000003.1850813681.000001FE8F956000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1813105814.000001FE8F939000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=840161
    Source: firefox.exe, 0000000F.00000002.3572503919.00000205411F0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3575975489.000001FA8E960000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3572038819.000001C6C7230000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://color.firefox.com/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_content=theme-f
    Source: firefox.exe, 0000000D.00000003.1750469216.000001FE8E777000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1749665388.000001FE8E500000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1749921112.000001FE8E71F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1750064306.000001FE8E73C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1750219188.000001FE8E75A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://completion.amazon.com/search/complete?q=
    Source: firefox.exe, 0000000D.00000003.1933649218.000001FE969DB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1914505742.000001FE969DB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-202
    Source: firefox.exe, 0000000F.00000002.3572503919.00000205411F0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3575975489.000001FA8E960000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3572038819.000001C6C7230000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://content.cdn.mozilla.net
    Source: firefox.exe, 0000000D.00000003.1921792209.000001FEFF6AD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1901590756.000001FEFF643000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1949041195.000001FEFF6B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1930019659.000001FEFF6AD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1901590756.000001FEFF6AD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.3573557257.00000205415CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3572663833.000001FA8E4E8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3577161708.000001C6C7803000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.13.drString found in binary or memory: https://contile-images.services.mozilla.com/0TegrVVRalreHILhR2WvtD_CFzj13HCDcLqqpvXSOuY.10862.jpg
    Source: firefox.exe, 0000000D.00000003.1921792209.000001FEFF6AD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1901590756.000001FEFF643000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1949041195.000001FEFF6B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1930019659.000001FEFF6AD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1901590756.000001FEFF6AD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.3573557257.00000205415CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3572663833.000001FA8E4E8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3577161708.000001C6C7803000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.13.drString found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
    Source: firefox.exe, 0000000D.00000003.1934226320.000001FE9692F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contile.services.mozilla.com/
    Source: firefox.exe, 0000000D.00000003.1934226320.000001FE9692F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.3572503919.00000205411F0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3575975489.000001FA8E960000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3572038819.000001C6C7230000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://contile.services.mozilla.com/v1/tiles
    Source: firefox.exe, 0000000F.00000002.3572503919.00000205411F0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3575975489.000001FA8E960000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3572038819.000001C6C7230000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://coverage.mozilla.org
    Source: firefox.exe, 0000000F.00000002.3572503919.00000205411F0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3575975489.000001FA8E960000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3572038819.000001C6C7230000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://crash-stats.mozilla.org/report/index/
    Source: firefox.exe, 0000000D.00000003.1789235082.000001FE96A55000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1885223121.000001FE96A4C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1788353843.000001FE96A57000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1871544776.000001FE96A49000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1788227783.000001FE96A57000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://crbug.com/993268
    Source: firefox.exe, 0000000F.00000002.3572503919.00000205411F0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3575975489.000001FA8E960000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3572038819.000001C6C7230000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://dap-02.api.divviup.org
    Source: firefox.exe, 0000000D.00000003.1902869152.000001FE9A450000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1851685821.000001FE8F92E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1885347051.000001FE8FE55000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://datastudio.google.com/embed/reporting/
    Source: firefox.exe, 0000000D.00000003.1921520301.000001FE90429000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/en-US/docs/Mozilla/Tech/XPCOM/Reference/Interface/nsIEffectiveTLDServi
    Source: firefox.exe, 0000000D.00000003.1789235082.000001FE96A55000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1885223121.000001FE96A4C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1788353843.000001FE96A57000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1871544776.000001FE96A49000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/API/ElementCSSInlineStyle/style#setting_styles)
    Source: firefox.exe, 0000000D.00000003.1789235082.000001FE96A55000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1885223121.000001FE96A4C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1788353843.000001FE96A57000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1871544776.000001FE96A49000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Statements/for-await...of
    Source: firefox.exe, 0000000D.00000003.1789235082.000001FE96A55000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1885223121.000001FE96A4C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1788353843.000001FE96A57000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1871544776.000001FE96A49000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1788227783.000001FE96A57000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/Web_Components/Using_custom_elements#using_the_lifecycl
    Source: firefox.exe, 0000000F.00000002.3572503919.00000205411F0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3575975489.000001FA8E960000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3572038819.000001C6C7230000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://developers.google.com/safe-browsing/v4/advisory
    Source: firefox.exe, 0000000D.00000003.1901590756.000001FEFF643000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com
    Source: firefox.exe, 0000000D.00000003.1883753958.000001FE90E3B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1750469216.000001FE8E777000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1749665388.000001FE8E500000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1749921112.000001FE8E71F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1750064306.000001FE8E73C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1750219188.000001FE8E75A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/
    Source: firefox.exe, 0000000D.00000003.1756532354.000001FE8C91A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1920945552.000001FE8C934000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1940836290.000001FE8C934000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1756618073.000001FE8C932000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1918718361.000001FE8C939000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1756129232.000001FE8C933000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://e.mail.ru/cgi-bin/sentmsg?mailto=%s
    Source: firefox.exe, 0000000D.00000003.1921792209.000001FEFF654000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1901590756.000001FEFF654000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1930019659.000001FEFF654000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://e.mail.ru/cgi-bin/sentmsg?mailto=%sz
    Source: firefox.exe, 0000000D.00000003.1921792209.000001FEFF654000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1901590756.000001FEFF654000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1930019659.000001FEFF654000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://e.mail.ru/cgi-bin/sentmsg?mailto=%szw
    Source: firefox.exe, 0000000D.00000003.1756532354.000001FE8C91A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1920945552.000001FE8C934000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1940836290.000001FE8C934000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1756618073.000001FE8C932000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1918718361.000001FE8C939000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1756129232.000001FE8C933000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://email.seznam.cz/newMessageScreen?mailto=%s
    Source: firefox.exe, 00000010.00000002.3572663833.000001FA8E45F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3573072841.000001C6C7613000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox-api-proxy.cdn.mozilla.net/
    Source: firefox.exe, 0000000D.00000003.1790843191.000001FE8FE4F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1792090729.000001FE8FE64000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/ms-images/706c7a85-cf23-442e-8a9
    Source: firefox.exe, 0000000F.00000002.3572503919.00000205411F0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3575975489.000001FA8E960000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3572038819.000001C6C7230000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://firefox-source-docs.mozilla.org/networking/dns/trr-skip-reasons.html#
    Source: firefox.exe, 0000000D.00000003.1902869152.000001FE9A463000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox.settings.services.mozilla.com
    Source: firefox.exe, 0000000D.00000003.1913837490.000001FE9909D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox.settings.services.mozilla.com/
    Source: firefox.exe, 0000000D.00000003.1924330393.000001FE9A896000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1912072645.000001FE9A896000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/
    Source: firefox.exe, 0000000F.00000002.3572503919.00000205411F0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3575975489.000001FA8E960000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3572038819.000001C6C7230000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://fpn.firefox.com/browser?utm_source=firefox-desktop&utm_medium=referral&utm_campaign=about-pr
    Source: firefox.exe, 0000000F.00000002.3572503919.00000205411F0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3575975489.000001FA8E960000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3572038819.000001C6C7230000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://ftp.mozilla.org/pub/labs/devtools/adb-extension/#OS#/adb-extension-latest-#OS#.xpi
    Source: firefox.exe, 00000010.00000002.3572663833.000001FA8E45F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3573072841.000001C6C7613000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.cdn.mozilla.net/
    Source: firefox.exe, 00000012.00000002.3573072841.000001C6C76C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=$apiKey&locale_lang=
    Source: firefox.exe, 00000012.00000002.3573072841.000001C6C76C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.cdn.mozilla.net/v3/firefox/trending-topics?version=2&consumer_key=$apiKey&locale_l
    Source: firefox.exe, 00000012.00000002.3573072841.000001C6C7630000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.cdn.mozilla.net/v3/newtab/layout?version=1&consumer_key=$apiKey&layout_variant=bas
    Source: firefox.exe, 0000000D.00000003.1943323630.000001FE8E660000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1901590756.000001FEFF643000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.cdn.mozilla.net/v3/newtab/layout?version=1&consumer_key=40249-e88c401e1b1f2242d9e4
    Source: firefox.exe, 0000000D.00000003.1943323630.000001FE8E660000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1901590756.000001FEFF643000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/career?utm_source=pocket-newtab
    Source: firefox.exe, 0000000D.00000003.1943323630.000001FE8E660000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1901590756.000001FEFF643000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/entertainment?utm_source=pocket-newtab
    Source: firefox.exe, 0000000D.00000003.1943323630.000001FE8E660000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1901590756.000001FEFF643000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/food?utm_source=pocket-newtab
    Source: firefox.exe, 0000000D.00000003.1943323630.000001FE8E660000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1901590756.000001FEFF643000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/health?utm_source=pocket-newtab
    Source: firefox.exe, 0000000D.00000003.1943323630.000001FE8E660000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1901590756.000001FEFF643000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/science?utm_source=pocket-newtab
    Source: firefox.exe, 0000000D.00000003.1943323630.000001FE8E660000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1901590756.000001FEFF643000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/self-improvement?utm_source=pocket-newtab
    Source: firefox.exe, 0000000D.00000003.1943323630.000001FE8E660000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1901590756.000001FEFF643000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/technology?utm_source=pocket-newtab
    Source: firefox.exe, 00000012.00000002.3573072841.000001C6C76C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/trending?src=fx_new_tab
    Source: firefox.exe, 0000000D.00000003.1935254588.000001FE923BB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1904878420.000001FE923AB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1916570949.000001FE923BB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/trending?src=fx_new_tabL
    Source: firefox.exe, 0000000D.00000003.1943323630.000001FE8E660000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1901590756.000001FEFF643000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore?utm_source=pocket-newtab
    Source: firefox.exe, 0000000D.00000003.1901590756.000001FEFF643000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/firefox/new_tab_learn_more
    Source: firefox.exe, 00000012.00000002.3573072841.000001C6C76C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/recommendations
    Source: firefox.exe, 0000000D.00000003.1935254588.000001FE923BB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1904878420.000001FE923AB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1916570949.000001FE923BB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/recommendationsS
    Source: firefox.exe, 0000000D.00000003.1935254588.000001FE923BB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1904878420.000001FE923AB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1916570949.000001FE923BB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/recommendationsS7
    Source: firefox.exe, 0000000D.00000003.1935254588.000001FE923BB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1904878420.000001FE923AB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1916570949.000001FE923BB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/v3/newtab/layout?version=1&consumer_key=$apiKey&layout_variant=basic
    Source: firefox.exe, 0000000D.00000003.1789235082.000001FE96A55000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1885223121.000001FE96A4C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1788353843.000001FE96A57000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1871544776.000001FE96A49000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1788227783.000001FE96A57000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/google/closure-compiler/issues/3177
    Source: firefox.exe, 0000000D.00000003.1871544776.000001FE96A31000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1788783460.000001FE96A43000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1789235082.000001FE96A43000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/lit/lit/blob/main/packages/reactive-element/src/decorators/query-all.ts
    Source: firefox.exe, 0000000D.00000003.1871544776.000001FE96A31000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1788783460.000001FE96A43000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1789235082.000001FE96A43000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/lit/lit/blob/main/packages/reactive-element/src/decorators/query.ts
    Source: firefox.exe, 0000000D.00000003.1789235082.000001FE96A55000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1885223121.000001FE96A4C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1788353843.000001FE96A57000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1871544776.000001FE96A49000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/lit/lit/issues/1266
    Source: firefox.exe, 0000000D.00000003.1789235082.000001FE96A55000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1885223121.000001FE96A4C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1788353843.000001FE96A57000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1871544776.000001FE96A49000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/microsoft/TypeScript/issues/338).
    Source: firefox.exe, 0000000D.00000003.1750469216.000001FE8E777000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1749665388.000001FE8E500000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1749921112.000001FE8E71F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1750064306.000001FE8E73C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1750219188.000001FE8E75A000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://github.com/mozilla-services/screenshots
    Source: firefox.exe, 0000000D.00000003.1911638305.000001FE9A8CF000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://github.com/uuidjs/uuid#getrandomvalues-not-supported
    Source: firefox.exe, 0000000D.00000003.1935254588.000001FE923BB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1904878420.000001FE923AB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1916570949.000001FE923BB000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://github.com/zertosh/loose-envify)
    Source: firefox.exe, 0000000D.00000003.1901590756.000001FEFF643000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://google.com
    Source: firefox.exe, 0000000F.00000002.3572503919.00000205411F0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3575975489.000001FA8E960000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3572038819.000001C6C7230000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://helper1.dap.cloudflareresearch.com/v02
    Source: firefox.exe, 0000000D.00000003.1949701818.000001FE9A17E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1925276272.000001FE9A17B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1903917402.000001FE9A1F9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1932103118.000001FE9A17C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1885347051.000001FE8FE55000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://ib.absa.co.za/
    Source: firefox.exe, 0000000F.00000002.3572503919.00000205411F0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3575975489.000001FA8E960000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3572038819.000001C6C7230000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://ideas.mozilla.org/
    Source: firefox.exe, 0000000D.00000003.1933134674.000001FE9844C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1904583643.000001FE9844C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://identity.mozilla.com/apps/oldsyncS
    Source: firefox.exe, 0000000D.00000003.1933134674.000001FE9844C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1904583643.000001FE9844C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://identity.mozilla.com/cmd/H
    Source: firefox.exe, 0000000D.00000003.1933134674.000001FE9844C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1904583643.000001FE9844C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://identity.mozilla.com/cmd/HCX
    Source: firefox.exe, 0000000D.00000003.1933134674.000001FE9844C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1904583643.000001FE9844C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://identity.mozilla.com/ids/ecosystem_telemetryU
    Source: firefox.exe, 0000000D.00000003.1933134674.000001FE9844C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1904583643.000001FE9844C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://identity.mozilla.com/ids/ecosystem_telemetryUFj
    Source: prefs-1.js.13.dr | String found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4QqmfZfYfQfafZbXfpbWfpbX7ReNxR3UIG8zInwYIFIVs9eYi
    Source: firefox.exe, 0000000D.00000003.1902869152.000001FE9A42D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1931944516.000001FE9A42D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.3572503919.00000205411F0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3575975489.000001FA8E960000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3572038819.000001C6C7230000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://incoming.telemetry.mozilla.org
    Source: firefox.exe, 0000000D.00000003.1901590756.000001FEFF643000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1935254588.000001FE923BB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1904878420.000001FE923AB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1916570949.000001FE923BB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3572663833.000001FA8E4CC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3573072841.000001C6C76F4000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://incoming.telemetry.mozilla.org/submit
    Source: firefox.exe, 0000000D.00000003.1931389122.000001FE9A450000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://incoming.telemetry.mozilla.org/submit/firefox-desktop/events/1/65de9d8f-b413-4b0e-ae53-3c0de
    Source: firefox.exe, 0000000D.00000003.1935254588.000001FE923BB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1904878420.000001FE923AB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1916570949.000001FE923BB000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://incoming.telemetry.mozilla.org/submits
    Source: firefox.exe, 0000000D.00000003.1789235082.000001FE96A55000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1885223121.000001FE96A4C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1788353843.000001FE96A57000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1871544776.000001FE96A49000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://infra.spec.whatwg.org/#ascii-whitespace
    Source: firefox.exe, 0000000F.00000002.3572503919.00000205411F0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3575975489.000001FA8E960000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3572038819.000001C6C7230000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://install.mozilla.org
    Source: firefox.exe, 0000000D.00000003.1789235082.000001FE96A55000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1885223121.000001FE96A4C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1788353843.000001FE96A57000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1871544776.000001FE96A49000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://lit.dev/docs/libraries/standalone-templates/#rendering-lit-html-templates
    Source: firefox.exe, 0000000D.00000003.1789235082.000001FE96A55000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1885223121.000001FE96A4C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1788353843.000001FE96A57000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1871544776.000001FE96A49000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://lit.dev/docs/templates/directives/#stylemap
    Source: firefox.exe, 0000000D.00000003.1789235082.000001FE96A55000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1885223121.000001FE96A4C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1788353843.000001FE96A57000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1871544776.000001FE96A49000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://lit.dev/docs/templates/expressions/#child-expressions)
    Source: firefox.exe, 0000000F.00000002.3572503919.00000205411F0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3575975489.000001FA8E960000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3572038819.000001C6C7230000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://location.services.mozilla.com/v1/country?key=%MOZILLA_API_KEY%
    Source: firefox.exe, 0000000D.00000003.1875870204.000001FE96AD6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1935843580.000001FE91E70000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1870652462.000001FE96AD8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1899110758.000001FE96ADE000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://login.live.com
    Source: firefox.exe, 0000000D.00000003.1907017513.000001FE914C3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1935843580.000001FE91E70000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://login.microsoftonline.com
    Source: firefox.exe, 0000000D.00000003.1935843580.000001FE91E76000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1902869152.000001FE9A450000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1851685821.000001FE8F92E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1905054219.000001FE91E76000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1885347051.000001FE8FE55000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://lookerstudio.google.com/embed/reporting/
    Source: firefox.exe, 0000000D.00000003.1756532354.000001FE8C91A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1920945552.000001FE8C934000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1940836290.000001FE8C934000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1756618073.000001FE8C932000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1918718361.000001FE8C939000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1756129232.000001FE8C933000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://mail.google.com/mail/?extsrc=mailto&url=%s
    Source: firefox.exe, 0000000D.00000003.1756532354.000001FE8C91A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1920945552.000001FE8C934000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1940836290.000001FE8C934000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1756618073.000001FE8C932000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1918718361.000001FE8C939000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1756129232.000001FE8C933000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://mail.inbox.lv/compose?to=%s
    Source: firefox.exe, 0000000D.00000003.1921792209.000001FEFF654000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1901590756.000001FEFF654000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1930019659.000001FEFF654000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://mail.inbox.lv/compose?to=%sv
    Source: firefox.exe, 0000000D.00000003.1756532354.000001FE8C91A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1920945552.000001FE8C934000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1940836290.000001FE8C934000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1756618073.000001FE8C932000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1918718361.000001FE8C939000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1756129232.000001FE8C933000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://mail.yahoo.co.jp/compose/?To=%s
    Source: firefox.exe, 0000000D.00000003.1921792209.000001FEFF654000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1901590756.000001FEFF654000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1930019659.000001FEFF654000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://mail.yahoo.co.jp/compose/?To=%st
    Source: firefox.exe, 00000012.00000002.3573072841.000001C6C768F000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://merino.services.mozilla.com/api/v1/suggest
    Source: firefox.exe, 0000000F.00000002.3572503919.00000205411F0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3575975489.000001FA8E960000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3572038819.000001C6C7230000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://mitmdetection.services.mozilla.com/
    Source: firefox.exe, 0000000F.00000002.3572503919.00000205411F0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3575975489.000001FA8E960000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3572038819.000001C6C7230000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://monitor.firefox.com/?entrypoint=protection_report_monitor&utm_source=about-protections
    Source: firefox.exe, 0000000F.00000002.3572503919.00000205411F0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3575975489.000001FA8E960000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3572038819.000001C6C7230000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://monitor.firefox.com/about
    Source: firefox.exe, 0000000F.00000002.3572503919.00000205411F0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3575975489.000001FA8E960000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3572038819.000001C6C7230000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://monitor.firefox.com/breach-details/
    Source: firefox.exe, 0000000F.00000002.3572503919.00000205411F0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3575975489.000001FA8E960000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3572038819.000001C6C7230000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://monitor.firefox.com/oauth/init?entrypoint=protection_report_monitor&utm_source=about-protect
    Source: firefox.exe, 0000000F.00000002.3572503919.00000205411F0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3575975489.000001FA8E960000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3572038819.000001C6C7230000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://monitor.firefox.com/user/breach-stats?includeResolved=true
    Source: firefox.exe, 0000000F.00000002.3572503919.00000205411F0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3575975489.000001FA8E960000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3572038819.000001C6C7230000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://monitor.firefox.com/user/dashboard
    Source: firefox.exe, 0000000F.00000002.3572503919.00000205411F0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3575975489.000001FA8E960000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3572038819.000001C6C7230000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://monitor.firefox.com/user/preferences
    Source: firefox.exe, 0000000F.00000002.3572503919.00000205411F0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3575975489.000001FA8E960000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3572038819.000001C6C7230000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://mozilla-ohttp-fakespot.fastly-edge.com/
    Source: firefox.exe, 0000000F.00000002.3572503919.00000205411F0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3575975489.000001FA8E960000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3572038819.000001C6C7230000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://mozilla.cloudflare-dns.com/dns-query
    Source: firefox.exe, 0000000D.00000003.1918906151.000001FE8C207000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1921125017.000001FE8C20D000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1921531801.000001FE8C20E000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1918906151.000001FE8C20E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://mozilla.org0/
    Source: firefox.exe, 0000000F.00000002.3572503919.00000205411F0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3575975489.000001FA8E960000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3572038819.000001C6C7230000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://normandy.cdn.mozilla.net/api/v1
    Source: firefox.exe, 0000000F.00000002.3572503919.00000205411F0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3575975489.000001FA8E960000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3572038819.000001C6C7230000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://oauth.accounts.firefox.com/v1
    Source: firefox.exe, 0000000D.00000003.1756532354.000001FE8C91A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1920945552.000001FE8C934000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1940836290.000001FE8C934000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1756618073.000001FE8C932000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1918718361.000001FE8C939000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1756129232.000001FE8C933000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://outlook.live.com/default.aspx?rru=compose&to=%s
    Source: firefox.exe, 0000000F.00000002.3572503919.00000205411F0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3575975489.000001FA8E960000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3572038819.000001C6C7230000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://play.google.com/store/apps/details?id=org.mozilla.firefox&referrer=utm_source%3Dprotection_r
    Source: firefox.exe, 0000000F.00000002.3572503919.00000205411F0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3575975489.000001FA8E960000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3572038819.000001C6C7230000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://play.google.com/store/apps/details?id=org.mozilla.firefox.vpn&referrer=utm_source%3Dfirefox-
    Source: firefox.exe, 0000000D.00000003.1756532354.000001FE8C91A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1920945552.000001FE8C934000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1940836290.000001FE8C934000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1756618073.000001FE8C932000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1918718361.000001FE8C939000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1756129232.000001FE8C933000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://poczta.interia.pl/mh/?mailto=%s
    Source: firefox.exe, 0000000D.00000003.1921792209.000001FEFF654000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1901590756.000001FEFF654000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1930019659.000001FEFF654000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://poczta.interia.pl/mh/?mailto=%sx
    Source: firefox.exe, 0000000F.00000002.3572503919.00000205411F0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3575975489.000001FA8E960000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3572038819.000001C6C7230000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://prod.ohttp-gateway.prod.webservices.mozgcp.net/ohttp-configs
    Source: firefox.exe, 0000000F.00000002.3572503919.00000205411F0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3575975489.000001FA8E960000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3572038819.000001C6C7230000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://profile.accounts.firefox.com/v1
    Source: firefox.exe, 0000000F.00000002.3572503919.00000205411F0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3575975489.000001FA8E960000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3572038819.000001C6C7230000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://profiler.firefox.com
    Source: firefox.exe, 0000000D.00000003.1932236968.000001FE9A135000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1925276272.000001FE9A135000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://push.services.mozilla.com
    Source: firefox.exe, 0000000D.00000003.1916570949.000001FE923BB000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://redux.js.org/api-reference/store#subscribe(listener)
    Source: firefox.exe, 0000000D.00000003.1907713421.000001FE91285000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1937929105.000001FE91285000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.3572503919.00000205411F0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3575975489.000001FA8E960000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3572038819.000001C6C7230000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://relay.firefox.com/accounts/profile/?utm_medium=firefox-desktop&utm_source=modal&utm_campaign
    Source: firefox.exe, 0000000F.00000002.3572503919.00000205411F0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3575975489.000001FA8E960000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3572038819.000001C6C7230000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://relay.firefox.com/api/v1/
    Source: firefox.exe, 0000000F.00000002.3572503919.00000205411F0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3575975489.000001FA8E960000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3572038819.000001C6C7230000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://safebrowsing.google.com/safebrowsing/diagnostic?site=
    Source: firefox.exe, 0000000F.00000002.3572503919.00000205411F0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3575975489.000001FA8E960000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3572038819.000001C6C7230000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://safebrowsing.google.com/safebrowsing/downloads?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%
    Source: firefox.exe, 0000000D.00000003.1907713421.000001FE91285000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1937929105.000001FE91285000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://safebrowsing.google.com/safebrowsing/downloads?client=SAFEBROWSING_ID&appver=118.0&pver=2.2&
    Source: firefox.exe, 0000000F.00000002.3572503919.00000205411F0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3575975489.000001FA8E960000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3572038819.000001C6C7230000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://safebrowsing.google.com/safebrowsing/gethash?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%&p
    Source: firefox.exe, 0000000F.00000002.3572503919.00000205411F0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3575975489.000001FA8E960000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3572038819.000001C6C7230000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://safebrowsing.googleapis.com/v4/fullHashes:find?$ct=application/x-protobuf&key=%GOOGLE_SAFEBR
    Source: firefox.exe, 0000000F.00000002.3572503919.00000205411F0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3575975489.000001FA8E960000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3572038819.000001C6C7230000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://safebrowsing.googleapis.com/v4/threatHits?$ct=application/x-protobuf&key=%GOOGLE_SAFEBROWSIN
    Source: firefox.exe, 0000000F.00000002.3572503919.00000205411F0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3575975489.000001FA8E960000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3572038819.000001C6C7230000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://safebrowsing.googleapis.com/v4/threatListUpdates:fetch?$ct=application/x-protobuf&key=%GOOGL
    Source: firefox.exe, 0000000D.00000003.1902869152.000001FE9A432000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1931389122.000001FE9A432000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://safebrowsing.googleapis.com/v4/threatListUpdates:fetch?$ct=application/x-protobuf&key=AIzaSy
    Source: firefox.exe, 0000000F.00000002.3572503919.00000205411F0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3575975489.000001FA8E960000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3572038819.000001C6C7230000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://sb-ssl.google.com/safebrowsing/clientreport/download?key=%GOOGLE_SAFEBROWSING_API_KEY%
    Source: firefox.exe, 0000000D.00000003.1750219188.000001FE8E75A000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://screenshots.firefox.com/
    Source: firefox.exe, 0000000D.00000003.1921520301.000001FE90429000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://searchfox.org/mozilla-central/source/toolkit/components/search/SearchUtils.jsm#145-152
    Source: firefox.exe, 0000000F.00000002.3572503919.00000205411F0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3575975489.000001FA8E960000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3572038819.000001C6C7230000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://services.addons.mozilla.org/api/v4/abuse/report/addon/
    Source: firefox.exe, 0000000D.00000003.1903917402.000001FE9A194000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/addon
    Source: firefox.exe, 0000000F.00000002.3572503919.00000205411F0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3575975489.000001FA8E960000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3572038819.000001C6C7230000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/addon/
    Source: firefox.exe, 0000000F.00000002.3572503919.00000205411F0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3575975489.000001FA8E960000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3572038819.000001C6C7230000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/language-tools/?app=firefox&type=language&appversi
    Source: firefox.exe, 0000000F.00000002.3572503919.00000205411F0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3575975489.000001FA8E960000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3572038819.000001C6C7230000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/search/?guid=%IDS%&lang=%LOCALE%
    Source: firefox.exe, 0000000F.00000002.3572503919.00000205411F0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3575975489.000001FA8E960000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3572038819.000001C6C7230000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://services.addons.mozilla.org/api/v4/discovery/?lang=%LOCALE%&edition=%DISTRIBUTION%
    Source: firefox.exe, 0000000F.00000002.3572503919.00000205411F0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3575975489.000001FA8E960000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3572038819.000001C6C7230000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://services.addons.mozilla.org/api/v5/addons/browser-mappings/?browser=%BROWSER%
    Source: firefox.exe, 0000000F.00000002.3572503919.00000205411F0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3575975489.000001FA8E960000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3572038819.000001C6C7230000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://shavar.services.mozilla.com/downloads?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%&pver=2.2
    Source: firefox.exe, 0000000F.00000002.3572503919.00000205411F0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3575975489.000001FA8E960000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3572038819.000001C6C7230000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://shavar.services.mozilla.com/gethash?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%&pver=2.2
    Source: firefox.exe, 0000000F.00000002.3572503919.00000205411F0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3575975489.000001FA8E960000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3572038819.000001C6C7230000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://snippets.cdn.mozilla.net/%STARTPAGE_VERSION%/%NAME%/%VERSION%/%APPBUILDID%/%BUILD_TARGET%/%L
    Source: firefox.exe, 00000010.00000002.3572663833.000001FA8E45F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3573072841.000001C6C7613000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://spocs.getpocket.com/
    Source: firefox.exe, 0000000D.00000003.1943323630.000001FE8E660000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1901590756.000001FEFF643000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://spocs.getpocket.com/spocs
    Source: firefox.exe, 0000000D.00000003.1901590756.000001FEFF643000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1935254588.000001FE923BB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1904878420.000001FE923AB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1916570949.000001FE923BB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3572663833.000001FA8E4CC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3573072841.000001C6C76F4000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://spocs.getpocket.com/user
    Source: places.sqlite-wal.13.dr | String found in binary or memory: https://support.mozilla.org
    Source: firefox.exe, 0000000F.00000002.3572503919.00000205411F0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3575975489.000001FA8E960000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3572038819.000001C6C7230000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/
    Source: firefox.exe, 0000000F.00000002.3572503919.00000205411F0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3575975489.000001FA8E960000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3572038819.000001C6C7230000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/cross-site-tracking-report
    Source: firefox.exe, 0000000F.00000002.3572503919.00000205411F0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3575975489.000001FA8E960000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3572038819.000001C6C7230000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/cryptominers-report
    Source: firefox.exe, 0000000F.00000002.3572503919.00000205411F0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3575975489.000001FA8E960000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3572038819.000001C6C7230000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/fingerprinters-report
    Source: firefox.exe, 0000000F.00000002.3572503919.00000205411F0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3575975489.000001FA8E960000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3572038819.000001C6C7230000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/firefox-relay-integration
    Source: firefox.exe, 0000000F.00000002.3572503919.00000205411F0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3575975489.000001FA8E960000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3572038819.000001C6C7230000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/password-manager-report
    Source: firefox.exe, 0000000F.00000002.3572503919.00000205411F0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3575975489.000001FA8E960000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3572038819.000001C6C7230000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/search-engine-removal
    Source: firefox.exe, 0000000F.00000002.3572503919.00000205411F0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3575975489.000001FA8E960000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3572038819.000001C6C7230000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/send-tab
    Source: firefox.exe, 0000000F.00000002.3572503919.00000205411F0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3575975489.000001FA8E960000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3572038819.000001C6C7230000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/shield
    Source: firefox.exe, 0000000F.00000002.3572503919.00000205411F0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3575975489.000001FA8E960000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3572038819.000001C6C7230000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/social-media-tracking-report
    Source: firefox.exe, 0000000F.00000002.3572503919.00000205411F0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3575975489.000001FA8E960000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3572038819.000001C6C7230000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/tracking-content-report
    Source: firefox.exe, 0000000D.00000003.1925055427.000001FE9A491000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1931389122.000001FE9A491000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1932236968.000001FE9A135000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1902869152.000001FE9A491000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1925276272.000001FE9A135000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/118.0.1/WINNT/en-US/
    Source: firefox.exe, 0000000D.00000003.1924330393.000001FE9A896000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1912950740.000001FE99D81000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1903917402.000001FE9A194000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1912072645.000001FE9A896000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.3572503919.00000205411F0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3575975489.000001FA8E960000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3572038819.000001C6C7230000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/captive-portal
    Source: firefox.exe, 0000000D.00000003.1914111650.000001FE984A4000.00000004.00000800.00020000.00000000.sdmp, places.sqlite-wal.13.drString found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
    Source: firefox.exe, 0000000D.00000003.1935843580.000001FE91E76000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1905054219.000001FE91E76000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/refresh-firefox-reset-add-ons-and-settings2
    Source: places.sqlite-wal.13.drString found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.
    Source: firefox.exe, 0000000D.00000003.1914111650.000001FE984A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.zvXrErQ5GYDF
    Source: firefox.exe, 0000000D.00000003.1789235082.000001FE96A55000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1885223121.000001FE96A4C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1788353843.000001FE96A57000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1871544776.000001FE96A49000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://tc39.github.io/ecma262/#sec-typeof-operator
    Source: firefox.exe, 0000000F.00000002.3572503919.00000205411F0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3575975489.000001FA8E960000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3572038819.000001C6C7230000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://token.services.mozilla.com/1.0/sync/1.5
    Source: firefox.exe, 0000000F.00000002.3572503919.00000205411F0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3575975489.000001FA8E960000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3572038819.000001C6C7230000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://topsites.services.mozilla.com/cid/
    Source: firefox.exe, 0000000F.00000002.3572503919.00000205411F0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3575975489.000001FA8E960000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3572038819.000001C6C7230000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://tracking-protection-issues.herokuapp.com/new
    Source: firefox.exe, 0000000D.00000003.1934226320.000001FE9692F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://twitter.com/
    Source: firefox.exe, 0000000F.00000002.3572503919.00000205411F0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3575975489.000001FA8E960000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3572038819.000001C6C7230000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://versioncheck-bg.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM
    Source: firefox.exe, 0000000F.00000002.3572503919.00000205411F0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3575975489.000001FA8E960000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3572038819.000001C6C7230000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://versioncheck.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM_ID
    Source: firefox.exe, 0000000F.00000002.3572503919.00000205411F0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3575975489.000001FA8E960000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3572038819.000001C6C7230000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://vpn.mozilla.org/?utm_source=firefox-browser&utm_medium=firefox-%CHANNEL%-browser&utm_campaig
    Source: firefox.exe, 00000012.00000002.3572038819.000001C6C7230000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://vpn.mozilla.org/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_campaign=about-pr
    Source: firefox.exe, 0000000F.00000002.3572503919.00000205411F0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3575975489.000001FA8E960000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3572038819.000001C6C7230000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://webcompat.com/issues/new
    Source: firefox.exe, 0000000F.00000002.3572503919.00000205411F0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3575975489.000001FA8E960000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3572038819.000001C6C7230000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://webextensions.settings.services.mozilla.com/v1
    Source: firefox.exe, 0000000D.00000003.1935254588.000001FE923BB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1904878420.000001FE923AB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1916570949.000001FE923BB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://webpack.js.org/concepts/mode/)
    Source: firefox.exe, 0000000D.00000003.1933800282.000001FE969C3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://weibo.com/
    Source: firefox.exe, 0000000D.00000003.1789235082.000001FE96A55000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1885223121.000001FE96A4C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1788353843.000001FE96A57000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1871544776.000001FE96A49000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1788227783.000001FE96A57000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://wicg.github.io/construct-stylesheets/#using-constructed-stylesheets).
    Source: firefox.exe, 0000000D.00000003.1935527989.000001FE9232F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.aliexpress.com/
    Source: firefox.exe, 0000000D.00000003.1935527989.000001FE9232F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.ca/
    Source: firefox.exe, 0000000D.00000003.1933800282.000001FE969C3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.co.uk/
    Source: firefox.exe, 0000000D.00000003.1934226320.000001FE9692F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.com/
    Source: firefox.exe, 0000000D.00000003.1921792209.000001FEFF6AD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1901590756.000001FEFF643000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1949041195.000001FEFF6B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1930019659.000001FEFF6AD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1901590756.000001FEFF6AD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.3573557257.00000205415CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3572663833.000001FA8E4E8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3577161708.000001C6C7803000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.13.drString found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_7548d4575af019e4c148ccf1a78112802e66a0816a72fc94
    Source: firefox.exe, 0000000D.00000003.1934226320.000001FE9692F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1749921112.000001FE8E71F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1750064306.000001FE8E73C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1750219188.000001FE8E75A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.com/exec/obidos/external-search/
    Source: firefox.exe, 0000000D.00000003.1935527989.000001FE9232F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.de/
    Source: firefox.exe, 0000000D.00000003.1935527989.000001FE9232F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.fr/
    Source: firefox.exe, 0000000D.00000003.1933800282.000001FE969C3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.avito.ru/
    Source: firefox.exe, 0000000D.00000003.1935527989.000001FE9232F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.baidu.com/
    Source: firefox.exe, 0000000D.00000003.1933800282.000001FE969C3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.bbc.co.uk/
    Source: firefox.exe, 0000000D.00000003.1935527989.000001FE9232F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ctrip.com/
    Source: firefox.exe, 0000000D.00000003.1918906151.000001FE8C207000.00000004.00000020.00020000.00000000.sdmp, gmpopenh264.dll.tmp.13.drString found in binary or memory: https://www.digicert.com/CPS0
    Source: firefox.exe, 0000000D.00000003.1935527989.000001FE9232F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ebay.co.uk/
    Source: firefox.exe, 0000000D.00000003.1935527989.000001FE9232F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ebay.de/
    Source: firefox.exe, 0000000D.00000003.1921792209.000001FEFF6AD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1901590756.000001FEFF643000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1949041195.000001FEFF6B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1930019659.000001FEFF6AD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1901590756.000001FEFF6AD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.3573557257.00000205415CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3572663833.000001FA8E4E8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3577161708.000001C6C7803000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.13.drString found in binary or memory: https://www.expedia.com/?locale=en_US&siteid=1&semcid=US.UB.ADMARKETPLACE.GT-C-EN.HOTEL&SEMDTL=a1219
    Source: firefox.exe, 0000000D.00000003.1788069984.000001FE96A55000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1788934602.000001FE8EFEC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/complete/search
    Source: firefox.exe, 0000000D.00000003.1750469216.000001FE8E777000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1749665388.000001FE8E500000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1749921112.000001FE8E71F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1750064306.000001FE8E73C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1750219188.000001FE8E75A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/complete/search?client=firefox&q=
    Source: firefox.exe, 0000000D.00000003.1934226320.000001FE9692F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1749921112.000001FE8E71F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1750064306.000001FE8E73C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1750219188.000001FE8E75A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/search
    Source: firefox.exe, 0000000D.00000003.1799694911.000001FE90E7E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/search?client=firefox-b-d&q=
    Source: firefox.exe, 0000000F.00000002.3572503919.00000205411F0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3575975489.000001FA8E960000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3572038819.000001C6C7230000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/geolocation/v1/geolocate?key=%GOOGLE_LOCATION_SERVICE_API_KEY%
    Source: firefox.exe, 0000000D.00000003.1933800282.000001FE969C3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ifeng.com/
    Source: firefox.exe, 0000000D.00000003.1933800282.000001FE969C3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.iqiyi.com/
    Source: firefox.exe, 0000000D.00000003.1933800282.000001FE969C3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.leboncoin.fr/
    Source: places.sqlite-wal.13.drString found in binary or memory: https://www.mozilla.org
    Source: firefox.exe, 0000000D.00000003.1912950740.000001FE99DF8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/
    Source: firefox.exe, 0000000F.00000002.3572503919.00000205411F0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3575975489.000001FA8E960000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3572038819.000001C6C7230000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/about/legal/terms/subscription-services/
    Source: firefox.exe, 00000012.00000002.3572038819.000001C6C7230000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/%VERSION%/releasenotes/?utm_source=firefox-browser&utm_medi
    Source: firefox.exe, 0000000F.00000002.3572503919.00000205411F0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3575975489.000001FA8E960000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3572038819.000001C6C7230000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/%VERSION%/tour/
    Source: firefox.exe, 0000000F.00000002.3572503919.00000205411F0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3575975489.000001FA8E960000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3572038819.000001C6C7230000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/geolocation/
    Source: firefox.exe, 0000000F.00000002.3572503919.00000205411F0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3575975489.000001FA8E960000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3572038819.000001C6C7230000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/new?reason=manual-update
    Source: firefox.exe, 0000000F.00000002.3572503919.00000205411F0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3575975489.000001FA8E960000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3572038819.000001C6C7230000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/notes
    Source: firefox.exe, 0000000F.00000002.3572503919.00000205411F0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3575975489.000001FA8E960000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3572038819.000001C6C7230000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/set-as-default/thanks/
    Source: firefox.exe, 0000000F.00000002.3572503919.00000205411F0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3575975489.000001FA8E960000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3572038819.000001C6C7230000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/xr/
    Source: firefox.exe, 0000000F.00000002.3572503919.00000205411F0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3575975489.000001FA8E960000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3572038819.000001C6C7230000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/privacy/subscription-services/
    Source: places.sqlite-wal.13.drString found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.
    Source: firefox.exe, 0000000D.00000003.1914111650.000001FE984A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.VsJpOAWrHqB2
    Source: firefox.exe, 0000000D.00000003.1790843191.000001FE8FE4F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1792090729.000001FE8FE64000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/about/legal/terms/mozilla/
    Source: firefox.exe, 0000000D.00000003.1925055427.000001FE9A491000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1931389122.000001FE9A491000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1902869152.000001FE9A491000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/anything/?
    Source: places.sqlite-wal.13.drString found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.
    Source: firefox.exe, 0000000D.00000003.1914111650.000001FE984A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.n0g9CLHwD9nR
    Source: firefox.exe, 0000000D.00000003.1905054219.000001FE91E76000.00000004.00000800.00020000.00000000.sdmp, targeting.snapshot.json.tmp.13.drString found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/
    Source: firefox.exe, 0000000D.00000003.1914111650.000001FE984A4000.00000004.00000800.00020000.00000000.sdmp, places.sqlite-wal.13.drString found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
    Source: firefox.exe, 0000000D.00000003.1914111650.000001FE984A4000.00000004.00000800.00020000.00000000.sdmp, places.sqlite-wal.13.drString found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
    Source: firefox.exe, 0000000F.00000002.3572503919.00000205411F0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3575975489.000001FA8E960000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3572038819.000001C6C7230000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/android/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_c
    Source: firefox.exe, 0000000F.00000002.3572503919.00000205411F0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3575975489.000001FA8E960000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3572038819.000001C6C7230000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/ios/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_campa
    Source: firefox.exe, 0000000D.00000003.1931389122.000001FE9A4CA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1902869152.000001FE9A4CA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1925055427.000001FE9A4CA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/mobile/get-app/?utm_medium=firefox-desktop&utm_source=onboarding-mod
    Source: firefox.exe, 0000000F.00000002.3572503919.00000205411F0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3575975489.000001FA8E960000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3572038819.000001C6C7230000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/legal/privacy/firefox.html
    Source: firefox.exe, 0000000F.00000002.3572503919.00000205411F0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3575975489.000001FA8E960000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3572038819.000001C6C7230000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/legal/privacy/firefox.html#crash-reporter
    Source: firefox.exe, 0000000F.00000002.3572503919.00000205411F0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3575975489.000001FA8E960000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3572038819.000001C6C7230000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/legal/privacy/firefox.html#health-report
    Source: firefox.exe, 0000000F.00000002.3573557257.00000205415CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3572663833.000001FA8E4CE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3573072841.000001C6C76F4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/
    Source: firefox.exe, 0000000D.00000003.1943323630.000001FE8E660000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1901590756.000001FEFF643000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/#suggest-relevant-content
    Source: firefox.exe, 0000000F.00000002.3572503919.00000205411F0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3575975489.000001FA8E960000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3572038819.000001C6C7230000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_c
    Source: firefox.exe, 0000000D.00000003.1921792209.000001FEFF654000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1901590756.000001FEFF654000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1930019659.000001FEFF654000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/C
    Source: firefox.exe, 0000000D.00000003.1914111650.000001FE984A4000.00000004.00000800.00020000.00000000.sdmp, places.sqlite-wal.13.drString found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
    Source: firefox.exe, 0000000D.00000003.1935843580.000001FE91E70000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com
    Source: firefox.exe, 0000000D.00000003.1935527989.000001FE9232F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.olx.pl/
    Source: firefox.exe, 0000000D.00000003.1934226320.000001FE9692F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.reddit.com/
    Source: firefox.exe, 0000000D.00000003.1885347051.000001FE8FE55000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1911638305.000001FE9A8F4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.tiktok.com/
    Source: firefox.exe, 0000000D.00000003.1935527989.000001FE9232F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.wykop.pl/
    Source: firefox.exe, 0000000D.00000003.1934226320.000001FE9692F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3572663833.000001FA8E403000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3573072841.000001C6C760C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/
    Source: firefox.exe, 0000000D.00000003.1905054219.000001FE91E76000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://youtube.com
    Source: firefox.exe, 0000000D.00000003.1779953602.0000037E5DE80000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://youtube.com-
    Source: firefox.exe, 0000000D.00000003.1950156628.000001FE920FD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1926626024.000001FE920FD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1938640209.000001FE9119E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1908207027.000001FE9119E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://youtube.com/
    Source: recovery.jsonlz4.tmp.13.drString found in binary or memory: https://youtube.com/account?=
    Source: firefox.exe, 00000012.00000002.3572615715.000001C6C75C0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/sig
    Source: firefox.exe, 0000000F.00000002.3572780159.0000020541360000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/sigM
    Source: firefox.exe, 0000000F.00000002.3572227976.00000205411BA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challeng
    Source: firefox.exe, 0000000D.00000003.1916518465.000001FE9288C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1949041195.000001FEFF6DF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.3572227976.00000205411BA000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.3572780159.0000020541364000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.3572227976.00000205411B0000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3570823472.000001FA8E10A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3570823472.000001FA8E100000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3571341330.000001FA8E284000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3572615715.000001C6C75C4000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3572224681.000001C6C72BA000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3572224681.000001C6C72B0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd
    Source: firefox.exe, 0000000B.00000002.1736922738.0000027CE09CA000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000C.00000002.1743301384.000001BFC53D8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd--no-default-browser
    Source: firefox.exe, 0000000D.00000003.1945581171.000001FE8C227000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1946833869.000001FE8C20B000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1945968005.000001FE8C209000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.3572780159.0000020541364000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.3572227976.00000205411B0000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3570823472.000001FA8E100000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3571341330.000001FA8E284000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3572615715.000001C6C75C4000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3572224681.000001C6C72B0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwdMOZ_CRASHREPORTER_RE
    Source: firefox.exe, 00000010.00000002.3571341330.000001FA8E280000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/sigxV
    Source: firefox.exe, 0000000D.00000003.1779953602.0000037E5DE80000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://youtube.comZ
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_001EEAFF OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard,0_2_001EEAFF
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_001EED6A OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,0_2_001EED6A
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_001DAA57 GetKeyboardState,SetKeyboardState,PostMessageW,SendInput,0_2_001DAA57
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00209576 DefDlgProcW,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW,0_2_00209576

    System Summary

    Source: file.exeString found in binary or memory: This is a third-party compiled AutoIt script.
    Source: file.exe, 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: This is a third-party compiled AutoIt script.memstr_ecea5d85-f
    Source: file.exeString found in binary or memory: This is a third-party compiled AutoIt script.memstr_f16ff689-3
    Source: C:\Program Files\Mozilla Firefox\firefox.exeCode function: 16_2_000001FA8EF172B7 NtQuerySystemInformation,16_2_000001FA8EF172B7
    Source: C:\Program Files\Mozilla Firefox\firefox.exeCode function: 16_2_000001FA8F033472 NtQuerySystemInformation,16_2_000001FA8F033472
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_001DD5EB: CreateFileW,DeviceIoControl,CloseHandle,0_2_001DD5EB
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_001D1201 LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock,0_2_001D1201
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_001DE8F6 ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState,0_2_001DE8F6
    Source: C:\Users\user\Desktop\file.exeCode function: String function: 00190A30 appears 46 times
    Source: C:\Users\user\Desktop\file.exeCode function: String function: 0018F9F2 appears 31 times
    Source: file.exeStatic PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
    Source: classification engineClassification label: mal72.troj.evad.winEXE@35/41@71/12
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_001E37B5 GetLastError,FormatMessageW,0_2_001E37B5
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_001D10BF AdjustTokenPrivileges,CloseHandle,0_2_001D10BF
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_001D16C3 LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,0_2_001D16C3
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_001E51CD SetErrorMode,GetDiskFreeSpaceExW,SetErrorMode,0_2_001E51CD
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_001DD4DC CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle,0_2_001DD4DC
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_001E648E _wcslen,CoInitialize,CoCreateInstance,CoUninitialize,0_2_001E648E
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_001742A2 CreateStreamOnHGlobal,FindResourceExW,LoadResource,SizeofResource,LockResource,0_2_001742A2
    Source: C:\Program Files\Mozilla Firefox\firefox.exe File created: C:\Users\user\AppData\Local\Mozilla\Firefox\SkeletonUILock-c388d246
    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7720:120:WilError_03
    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7492:120:WilError_03
    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7656:120:WilError_03
    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7600:120:WilError_03
    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7784:120:WilError_03
    Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:7628:120:WilError_03
    Source: C:\Program Files\Mozilla Firefox\firefox.exe File created: C:\Users\user\AppData\Local\Temp\firefox
    Source: file.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
    Source: C:\Windows\SysWOW64\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
    Source: C:\Program Files\Mozilla Firefox\firefox.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
    Source: C:\Program Files\Mozilla Firefox\firefox.exe File read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
    Source: C:\Users\user\Desktop\file.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
    Source: firefox.exe, 0000000D.00000003.1914111650.000001FE984B6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1933134674.000001FE9844C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1904261024.000001FE984B6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1904583643.000001FE9844C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SELECT * FROM events WHERE timestamp BETWEEN date(:dateFrom) AND date(:dateTo);
    Source: firefox.exe, 0000000D.00000003.1933134674.000001FE9844C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1904583643.000001FE9844C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: CREATE TABLE events (id INTEGER PRIMARY KEY, type INTEGER NOT NULL, count INTEGER NOT NULL, timestamp DATE );
    Source: firefox.exe, 0000000D.00000003.1933134674.000001FE9844C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1904583643.000001FE9844C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: INSERT INTO events (type, count, timestamp) VALUES (:type, 1, date(:date));
    Source: firefox.exe, 0000000D.00000003.1933134674.000001FE9844C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1904583643.000001FE9844C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SELECT timestamp FROM events ORDER BY timestamp ASC LIMIT 1;;
    Source: firefox.exe, 0000000D.00000003.1904583643.000001FE98417000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1933134674.000001FE98417000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SELECT sum(count) FROM events;
    Source: firefox.exe, 0000000D.00000003.1933134674.000001FE9844C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1904583643.000001FE9844C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SELECT timestamp FROM events ORDER BY timestamp ASC LIMIT 1;;Fy6
    Source: firefox.exe, 0000000D.00000003.1933134674.000001FE9844C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1904583643.000001FE9844C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: UPDATE events SET count = count + 1 WHERE id = :id;-
    Source: firefox.exe, 0000000D.00000003.1933134674.000001FE9844C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1904583643.000001FE9844C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SELECT sum(count) FROM events;9'
    Source: firefox.exe, 0000000D.00000003.1933134674.000001FE9844C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1904583643.000001FE9844C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SELECT sum(count) FROM events;9
    Source: firefox.exe, 0000000D.00000003.1933134674.000001FE9844C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1904583643.000001FE9844C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SELECT * FROM events WHERE type = :type AND timestamp = date(:date);
    Source: file.exeVirustotal: Detection: 36%
    Source: unknownProcess created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
    Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T
    Source: C:\Windows\SysWOW64\taskkill.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T
    Source: C:\Windows\SysWOW64\taskkill.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T
    Source: C:\Windows\SysWOW64\taskkill.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T
    Source: C:\Windows\SysWOW64\taskkill.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T
    Source: C:\Windows\SysWOW64\taskkill.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\file.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
    Source: unknownProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking --attempting-deelevation
    Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
    Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2296 -parentBuildID 20230927232528 -prefsHandle 2240 -prefMapHandle 2232 -prefsLen 25359 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e6cc69c0-1ab8-4949-9139-8146a8543006} 7892 "\\.\pipe\gecko-crash-server-pipe.7892" 1fefea6f510 socket
    Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3636 -parentBuildID 20230927232528 -prefsHandle 3344 -prefMapHandle 3692 -prefsLen 26208 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cecf5438-3921-42a8-b85b-1ccda718867a} 7892 "\\.\pipe\gecko-crash-server-pipe.7892" 1fe8e5f4b10 rdd
    Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4684 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 4984 -prefMapHandle 4988 -prefsLen 33185 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {40f98a07-c25a-448b-9186-f75ef4ee275c} 7892 "\\.\pipe\gecko-crash-server-pipe.7892" 1fefea73710 utility
    Source: C:\Windows\System32\conhost.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T
    Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T
    Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T
    Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T
    Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T
    Source: C:\Users\user\Desktop\file.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
    Source: C:\Program Files\Mozilla Firefox\firefox.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
    Source: C:\Program Files\Mozilla Firefox\firefox.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2296 -parentBuildID 20230927232528 -prefsHandle 2240 -prefMapHandle 2232 -prefsLen 25359 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e6cc69c0-1ab8-4949-9139-8146a8543006} 7892 "\\.\pipe\gecko-crash-server-pipe.7892" 1fefea6f510 socket
    Source: C:\Program Files\Mozilla Firefox\firefox.exe Process created: unknown unknown
    Source: C:\Program Files\Mozilla Firefox\firefox.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3636 -parentBuildID 20230927232528 -prefsHandle 3344 -prefMapHandle 3692 -prefsLen 26208 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cecf5438-3921-42a8-b85b-1ccda718867a} 7892 "\\.\pipe\gecko-crash-server-pipe.7892" 1fe8e5f4b10 rdd
    Source: C:\Program Files\Mozilla Firefox\firefox.exe Process created: unknown unknown
    Source: C:\Program Files\Mozilla Firefox\firefox.exe Process created: unknown unknown
    Source: C:\Program Files\Mozilla Firefox\firefox.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4684 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 4984 -prefMapHandle 4988 -prefsLen 33185 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {40f98a07-c25a-448b-9186-f75ef4ee275c} 7892 "\\.\pipe\gecko-crash-server-pipe.7892" 1fefea73710 utility
    Source: C:\Program Files\Mozilla Firefox\firefox.exe Process created: unknown unknown
    Source: C:\Program Files\Mozilla Firefox\firefox.exe Process created: unknown unknown
    Source: C:\Program Files\Mozilla Firefox\firefox.exe Process created: unknown unknown
    Source: C:\Program Files\Mozilla Firefox\firefox.exe Process created: unknown unknown
    Source: C:\Users\user\Desktop\file.exe Section loaded: wsock32.dll
    Source: C:\Users\user\Desktop\file.exe Section loaded: version.dll
    Source: C:\Users\user\Desktop\file.exe Section loaded: winmm.dll
    Source: C:\Users\user\Desktop\file.exe Section loaded: mpr.dll
    Source: C:\Users\user\Desktop\file.exe Section loaded: wininet.dll
    Source: C:\Users\user\Desktop\file.exe Section loaded: iphlpapi.dll
    Source: C:\Users\user\Desktop\file.exe Section loaded: userenv.dll
    Source: C:\Users\user\Desktop\file.exe Section loaded: uxtheme.dll
    Source: C:\Users\user\Desktop\file.exe Section loaded: kernel.appcore.dll
    Source: C:\Users\user\Desktop\file.exe Section loaded: windows.storage.dll
    Source: C:\Users\user\Desktop\file.exe Section loaded: wldp.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: version.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: mpr.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: framedynos.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: dbghelp.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: sspicli.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: srvcli.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: netutils.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: sspicli.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: kernel.appcore.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: wbemcomn.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: winsta.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: amsi.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: userenv.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: profapi.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: version.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: mpr.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: framedynos.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: dbghelp.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: sspicli.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: srvcli.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: netutils.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: sspicli.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: kernel.appcore.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: wbemcomn.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: winsta.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: amsi.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: userenv.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: profapi.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: version.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: mpr.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: framedynos.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: dbghelp.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: sspicli.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: srvcli.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: netutils.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: sspicli.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: kernel.appcore.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: wbemcomn.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: winsta.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: amsi.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: userenv.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: profapi.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: version.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: mpr.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: framedynos.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: dbghelp.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: sspicli.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: srvcli.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: netutils.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: sspicli.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: kernel.appcore.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: wbemcomn.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: winsta.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: amsi.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: userenv.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: profapi.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: version.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: mpr.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: framedynos.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: dbghelp.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: sspicli.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: srvcli.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: netutils.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: sspicli.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: kernel.appcore.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: wbemcomn.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: winsta.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: amsi.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: userenv.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: profapi.dll
    Source: Window Recorder Window detected: More than 3 window changes detected
    Source: file.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
    Source: file.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
    Source: file.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
    Source: file.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
    Source: file.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
    Source: file.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
    Source: file.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
    Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdbV source: gmpopenh264.dll.tmp.13.dr
    Source: Binary string: NapiNSP.pdbUGP source: firefox.exe, 0000000D.00000003.1946833869.000001FE8C238000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: pnrpnsp.pdb source: firefox.exe, 0000000D.00000003.1948446910.000001FE8C239000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: NapiNSP.pdb source: firefox.exe, 0000000D.00000003.1946833869.000001FE8C238000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: netprofm.pdb source: firefox.exe, 0000000D.00000003.1942506114.000001FE8C239000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdb source: gmpopenh264.dll.tmp.13.dr
    Source: Binary string: pnrpnsp.pdbUGP source: firefox.exe, 0000000D.00000003.1948446910.000001FE8C239000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: netprofm.pdbUGP source: firefox.exe, 0000000D.00000003.1942506114.000001FE8C239000.00000004.00000020.00020000.00000000.sdmp
    Source: file.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
    Source: file.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
    Source: file.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
    Source: file.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
    Source: file.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_001742DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_001742DE
    Source: gmpopenh264.dll.tmp.13.dr Static PE information: section name: .rodata
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00190A76 push ecx; ret 0_2_00190A89
    Source: C:\Program Files\Mozilla Firefox\firefox.exe File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll.tmp
    Source: C:\Program Files\Mozilla Firefox\firefox.exe File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy)
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0018F98E GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,0_2_0018F98E
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00201C41 IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed,0_2_00201C41
    Source: C:\Users\user\Desktop\file.exe Process information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\Desktop\file.exe Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\taskkill.exe Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\taskkill.exe Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\taskkill.exe Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\taskkill.exe Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\taskkill.exe Process information set: NOOPENFILEERRORBOX

    Malware Analysis System Evasion

    Source: C:\Users\user\Desktop\file.exe Sandbox detection routine: GetForegroundWindow, DecisionNode, Sleep graph_0-96655
    Source: C:\Program Files\Mozilla Firefox\firefox.exe Code function: 16_2_000001FA8EF172B7 rdtsc 16_2_000001FA8EF172B7
    Source: C:\Users\user\Desktop\file.exe API coverage: 3.7 %
    Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
    Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
    Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
    Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
    Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
    Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_001DDBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,0_2_001DDBBE
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_001E68EE FindFirstFileW,FindClose,0_2_001E68EE
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_001E698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime,0_2_001E698F
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_001DD076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_001DD076
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_001DD3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_001DD3A9
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_001E9642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_001E9642
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_001E979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_001E979D
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_001E9B2B FindFirstFileW,Sleep,FindNextFileW,FindClose,0_2_001E9B2B
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_001E5C97 FindFirstFileW,FindNextFileW,FindClose,0_2_001E5C97
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_001742DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_001742DE
    Source: firefox.exe, 00000010.00000002.3576423711.000001FA8E9C0000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllD'
    Source: firefox.exe, 0000000F.00000002.3572661983.0000020541230000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll:
    Source: firefox.exe, 00000012.00000002.3576258087.000001C6C7715000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAWr
    Source: firefox.exe, 0000000F.00000002.3572661983.0000020541230000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.3572227976.00000205411BA000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3576423711.000001FA8E9C0000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3572224681.000001C6C72BA000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
    Source: firefox.exe, 0000000F.00000002.3576828960.000002054161B000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW : 2 : 34 : 1 : 1 : 0x20026 : 0x8 : %SystemRoot%\system32\mswsock.dll : : 1234191b-4bf7-4ca7-86e0-dfd7c32b5445
    Source: firefox.exe, 00000010.00000002.3570823472.000001FA8E10A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW@
    Source: firefox.exe, 0000000F.00000002.3572661983.0000020541230000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll"
    Source: firefox.exe, 0000000F.00000002.3572661983.0000020541230000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3576423711.000001FA8E9C0000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
    Source: C:\Users\user\Desktop\file.exe Process information queried: ProcessInformation
    Source: C:\Program Files\Mozilla Firefox\firefox.exe Code function: 16_2_000001FA8EF172B7 rdtsc 16_2_000001FA8EF172B7
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_001EEAA2 BlockInput,0_2_001EEAA2
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_001A2622 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_001A2622
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_001742DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_001742DE
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00194CE8 mov eax, dword ptr fs:[00000030h]0_2_00194CE8
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_001D0B62 GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,0_2_001D0B62
    Source: C:\Windows\SysWOW64\taskkill.exe Process token adjusted: Debug
    Source: C:\Windows\SysWOW64\taskkill.exe Process token adjusted: Debug
    Source: C:\Windows\SysWOW64\taskkill.exe Process token adjusted: Debug
    Source: C:\Windows\SysWOW64\taskkill.exe Process token adjusted: Debug
    Source: C:\Windows\SysWOW64\taskkill.exe Process token adjusted: Debug
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_001A2622 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_001A2622
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0019083F IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_0019083F
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_001909D5 SetUnhandledExceptionFilter,0_2_001909D5
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00190C21 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00190C21
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_001D1201 LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock,0_2_001D1201
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_001B2BA5 KiUserCallbackDispatcher,SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW,0_2_001B2BA5
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_001DB226 SendInput,keybd_event,0_2_001DB226
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_001F22DA GetForegroundWindow,GetDesktopWindow,GetWindowRect,mouse_event,GetCursorPos,mouse_event,0_2_001F22DA
    Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T
    Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T
    Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T
    Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T
    Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_001D0B62 GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,0_2_001D0B62
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_001D1663 AllocateAndInitializeSid,CheckTokenMembership,FreeSid,0_2_001D1663
    Source: file.exe Binary or memory string: Run Script:AutoIt script files (*.au3, *.a3x)*.au3;*.a3xAll files (*.*)*.*au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
    Source: file.exe Binary or memory string: Shell_TrayWnd
    Source: firefox.exe, 0000000D.00000003.1910399309.000001FE98601000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: hSoftware\Policies\Microsoft\Windows\PersonalizationNoChangingStartMenuBackgroundPersonalColors_BackgroundWilStaging_02RtlDisownModuleHeapAllocationRtlQueryFeatureConfigurationRtlRegisterFeatureConfigurationChangeNotificationRtlSubscribeWnfStateChangeNotificationRtlDllShutdownInProgressntdll.dllNtQueryWnfStateDataLocal\SM0:%d:%d:%hs_p0Local\SessionImmersiveColorPreferenceBEGINTHMthmfile\Sessions\%d\Windows\ThemeSectionMessageWindowendthemewndThemeApiConnectionRequest\ThemeApiPortwinsta0SOFTWARE\Microsoft\Windows\CurrentVersion\Themes\PersonalizeAppsUseLightThemeSystemUsesLightThemedefaultshell\themes\uxtheme\render.cppCompositedWindow::WindowdeletedrcacheMDIClientSoftware\Microsoft\Windows\DWMColorPrevalenceSoftware\Microsoft\Windows\CurrentVersion\ImmersiveShellTabletModeMENUAccentColorSoftware\Microsoft\Windows\CurrentVersion\Explorer\AccentDefaultStartColorControl Panel\DesktopAutoColorizationAccentColorMenuStartColorMenuAutoColorSoftware\Microsoft\Windows\CurrentVersion\Themes\History\ColorsSoftware\Microsoft\Windows\CurrentVersion\Themes\HistoryAccentPaletteTab$Shell_TrayWndLocal\SessionImmersiveColorMutex
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00190698 cpuid 0_2_00190698
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_001E8195 GetLocalTime,SystemTimeToFileTime,LocalFileTimeToFileTime,GetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,0_2_001E8195
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_001CD27A GetUserNameW,0_2_001CD27A
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_001ABB6F _free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,0_2_001ABB6F
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_001742DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_001742DE
    Source: C:\Windows\System32\conhost.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\SecurityCenter2 : AntiVirusProduct
    Source: C:\Windows\System32\conhost.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\SecurityCenter2 : AntiVirusProduct

    Stealing of Sensitive Information

    Source: Yara match File source: Process Memory Space: file.exe PID: 7468, type: MEMORYSTR
    Source: file.exe Binary or memory string: WIN_81
    Source: file.exe Binary or memory string: WIN_XP
    Source: file.exe Binary or memory string: %.3d%S%M%H%m%Y%jX86IA64X64WIN32_NTWIN_11WIN_10WIN_2022WIN_2019WIN_2016WIN_81WIN_2012R2WIN_2012WIN_8WIN_2008R2WIN_7WIN_2008WIN_VISTAWIN_2003WIN_XPeWIN_XPInstallLanguageSYSTEM\CurrentControlSet\Control\Nls\LanguageSchemeLangIDControl Panel\AppearanceUSERPROFILEUSERDOMAINUSERDNSDOMAINGetSystemWow64DirectoryWSeDebugPrivilege:winapistdcallubyte64HKEY_LOCAL_MACHINEHKLMHKEY_CLASSES_ROOTHKCRHKEY_CURRENT_CONFIGHKCCHKEY_CURRENT_USERHKCUHKEY_USERSHKUREG_EXPAND_SZREG_SZREG_MULTI_SZREG_DWORDREG_QWORDREG_BINARYRegDeleteKeyExWadvapi32.dll+.-.\\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs](*UCP)\XISVISIBLEISENABLEDTABLEFTTABRIGHTCURRENTTABSHOWDROPDOWNHIDEDROPDOWNADDSTRINGDELSTRINGFINDSTRINGGETCOUNTSETCURRENTSELECTIONGETCURRENTSELECTIONSELECTSTRINGISCHECKEDCHECKUNCHECKGETSELECTEDGETLINECOUNTGETCURRENTLINEGETCURRENTCOLEDITPASTEGETLINESENDCOMMANDIDGETITEMCOUNTGETSUBITEMCOUNTGETTEXTGETSELECTEDCOUNTISSELECTEDSELECTALLSELECTCLEARSELECTINVERTDESELECTFINDITEMVIEWCHANGEGETTOTALCOUNTCOLLAPSEEXPANDmsctls_statusbar321tooltips_class32%d/%02d/%02dbuttonComboboxListboxSysDateTimePick32SysMonthCal32.icl.exe.dllMsctls_Progress32msctls_trackbar32SysAnimate32msctls_updown32SysTabControl32SysTreeView32SysListView32-----@GUI_DRAGID@GUI_DROPID@GUI_DRAGFILEError text not found (please report)Q\EDEFINEUTF16)UTF)UCP)NO_AUTO_POSSESS)NO_START_OPT)LIMIT_MATCH=LIMIT_RECURSION=CR)LF)CRLF)ANY)ANYCRLF)BSR_ANYCRLF)BSR_UNICODE)argument is not a compiled regular expressionargument not compiled in 16 bit modeinternal error: opcode not recognizedinternal error: missing capturing bracketfailed to get memory
    Source: file.exe Binary or memory string: WIN_XPe
    Source: file.exe Binary or memory string: WIN_VISTA
    Source: file.exe Binary or memory string: WIN_7
    Source: file.exe Binary or memory string: WIN_8

    Remote Access Functionality

    Source: Yara match File source: Process Memory Space: file.exe PID: 7468, type: MEMORYSTR
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_001F1204 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,listen,WSAGetLastError,closesocket,0_2_001F1204
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_001F1806 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,0_2_001F1806
    MITRE ATT&CK matrix (tactic: techniques; the number in parentheses is the count shown next to the technique in the report):

    Reconnaissance: Gather Victim Identity Information, Credentials, Email Addresses, Employee Names, Gather Victim Network Information, Domain Properties, DNS, Network Trust Dependencies, Network Topology, IP Addresses
    Resource Development: Acquire Infrastructure, Domains, DNS Server, Virtual Private Server, Server, Botnet, Web Services, Serverless, Malvertising, Compromise Infrastructure
    Initial Access: Valid Accounts (2), Default Accounts, Domain Accounts, Local Accounts, Cloud Accounts, Replication Through Removable Media, External Remote Services, Drive-by Compromise, Exploit Public-Facing Application, Supply Chain Compromise
    Execution: Windows Management Instrumentation (11), Native API (1), At, Cron, Launchd, Scheduled Task, Systemd Timers, Container Orchestration Job, Command and Scripting Interpreter, PowerShell
    Persistence: DLL Side-Loading (1), Valid Accounts (2), Logon Script (Windows), Login Hook, Network Logon Script, RC Scripts, Startup Items, Scheduled Task/Job, At, Cron
    Privilege Escalation: Exploitation for Privilege Escalation (1), DLL Side-Loading (1), Extra Window Memory Injection (1), Valid Accounts (2), Access Token Manipulation (21), Process Injection (2), Startup Items, Scheduled Task/Job, At, Cron
    Defense Evasion: Disable or Modify Tools (2), Deobfuscate/Decode Files or Information (1), Obfuscated Files or Information (2), DLL Side-Loading (1), Extra Window Memory Injection (1), Masquerading (1), Valid Accounts (2), Virtualization/Sandbox Evasion (1), Access Token Manipulation (21), Process Injection (2)
    Credential Access: Input Capture (21), LSASS Memory, Security Account Manager, NTDS, LSA Secrets, Cached Domain Credentials, DCSync, Proc Filesystem, /etc/passwd and /etc/shadow, Network Sniffing
    Discovery: System Time Discovery (2), Account Discovery (1), File and Directory Discovery (2), System Information Discovery (16), Security Software Discovery (141), Virtualization/Sandbox Evasion (1), Process Discovery (3), Application Window Discovery (1), System Owner/User Discovery (1), Network Service Discovery
    Lateral Movement: Remote Services, Remote Desktop Protocol, SMB/Windows Admin Shares, Distributed Component Object Model, SSH, VNC, Windows Remote Management, Cloud Services, Direct Cloud VM Connections, Shared Webroot
    Collection: Archive Collected Data (1), Input Capture (21), Clipboard Data (3), Input Capture, Keylogging, GUI Input Capture, Web Portal Capture, Credential API Hooking, Data Staged, Local Data Staging
    Command and Control: Ingress Tool Transfer (2), Encrypted Channel (12), Non-Application Layer Protocol (2), Application Layer Protocol (3), Fallback Channels, Multiband Communication, Commonly Used Port, Application Layer Protocol, Web Protocols, File Transfer Protocols
    Exfiltration: Exfiltration Over Other Network Medium, Exfiltration Over Bluetooth, Automated Exfiltration, Traffic Duplication, Scheduled Transfer, Data Transfer Size Limits, Exfiltration Over C2 Channel, Exfiltration Over Alternative Protocol, Exfiltration Over Symmetric Encrypted Non-C2 Protocol, Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
    Impact: System Shutdown/Reboot (1), Network Denial of Service, Data Encrypted for Impact, Data Destruction, Data Encrypted for Impact, Service Stop, Inhibit System Recovery, Defacement, Internal Defacement, External Defacement
    Behavior Graph ID: 1559009. Sample: file.exe. Start date: 20/11/2024. Architecture: WINDOWS. Score: 72.
    Graph-level nodes: youtube.com, youtube-ui.l.google.com and 34 other IPs or domains; signatures: Multi AV Scanner detection for submitted file, Yara detected Credential Flusher, Binary is likely a compiled AutoIt script file, and 2 other signatures.
    Process tree: file.exe (signatures: Binary is likely a compiled AutoIt script file; Found API chain indicative of sandbox detection) started three taskkill.exe processes and 3 other processes; each taskkill.exe started a conhost.exe, the 3 other processes started two further conhost.exe instances, and one conhost.exe started another conhost.exe.
    firefox.exe started a child firefox.exe, which connected to youtube.com (142.250.185.206, port 443, source ports 49738 and 49740, GOOGLEUS, United States), prod.detectportal.prod.cloudops.mozgcp.net (34.107.221.82, source ports 49739, 49745 and 49751, GOOGLEUS, United States) and 10 other IPs or domains, dropped C:\Users\user\AppData\...\gmpopenh264.dll.tmp (PE32+) and C:\Users\user\...\gmpopenh264.dll (copy) (PE32+), and started three further firefox.exe processes.

Source | Detection | Scanner | Label | Link
file.exe | 36% | Virustotal | | Browse
file.exe | 100% | Joe Sandbox ML | |
Source | Detection | Scanner | Label | Link
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy) | 0% | ReversingLabs | |
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy) | 0% | Virustotal | | Browse
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll.tmp | 0% | ReversingLabs | |
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll.tmp | 0% | Virustotal | | Browse
    No Antivirus matches
    No Antivirus matches
Source | Detection | Scanner | Label | Link
https://youtube.com- | 0% | Avira URL Cloud | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation
example.org | 93.184.215.14 | true | false | | high
star-mini.c10r.facebook.com | 157.240.252.35 | true | false | | high
prod.classify-client.prod.webservices.mozgcp.net | 35.190.72.216 | true | false | | high
prod.balrog.prod.cloudops.mozgcp.net | 35.244.181.201 | true | false | | high
twitter.com | 104.244.42.193 | true | false | | high
prod.detectportal.prod.cloudops.mozgcp.net | 34.107.221.82 | true | false | | high
services.addons.mozilla.org | 151.101.1.91 | true | false | | high
dyna.wikimedia.org | 185.15.59.224 | true | false | | high
prod.remote-settings.prod.webservices.mozgcp.net | 34.149.100.209 | true | false | | high
contile.services.mozilla.com | 34.117.188.166 | true | false | | high
youtube.com | 142.250.185.206 | true | false | | high
prod.content-signature-chains.prod.webservices.mozgcp.net | 34.160.144.191 | true | false | | high
youtube-ui.l.google.com | 142.250.185.78 | true | false | | high
us-west1.prod.sumo.prod.webservices.mozgcp.net | 34.149.128.2 | true | false | | high
reddit.map.fastly.net | 151.101.65.140 | true | false | | high
ipv4only.arpa | 192.0.0.171 | true | false | | high
prod.ads.prod.webservices.mozgcp.net | 34.117.188.166 | true | false | | high
push.services.mozilla.com | 34.107.243.93 | true | false | | high
normandy-cdn.services.mozilla.com | 35.201.103.21 | true | false | | high
telemetry-incoming.r53-2.services.mozilla.com | 34.120.208.123 | true | false | | high
www.reddit.com | unknown | unknown | false | | high
spocs.getpocket.com | unknown | unknown | false | | high
content-signature-2.cdn.mozilla.net | unknown | unknown | false | | high
support.mozilla.org | unknown | unknown | false | | high
firefox.settings.services.mozilla.com | unknown | unknown | false | | high
www.youtube.com | unknown | unknown | false | | high
www.facebook.com | unknown | unknown | false | | high
detectportal.firefox.com | unknown | unknown | false | | high
normandy.cdn.mozilla.net | unknown | unknown | false | | high
shavar.services.mozilla.com | unknown | unknown | false | | high
www.wikipedia.org | unknown | unknown | false | | high
                                                                                                                                                            https://searchfox.org/mozilla-central/source/toolkit/components/search/SearchUtils.jsm#145-152firefox.exe, 0000000D.00000003.1921520301.000001FE90429000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                              high
                                                                                                                                                              https://bugzilla.mofirefox.exe, 0000000D.00000003.1925055427.000001FE9A4CA000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                high
                                                                                                                                                                https://mitmdetection.services.mozilla.com/firefox.exe, 0000000F.00000002.3572503919.00000205411F0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3575975489.000001FA8E960000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3572038819.000001C6C7230000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                  high
                                                                                                                                                                  https://amazon.comfirefox.exe, 0000000D.00000003.1901590756.000001FEFF643000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                    high
                                                                                                                                                                    https://youtube.com/account?=recovery.jsonlz4.tmp.13.drfalse
                                                                                                                                                                      high
                                                                                                                                                                      https://spocs.getpocket.com/firefox.exe, 00000010.00000002.3572663833.000001FA8E45F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3573072841.000001C6C7613000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                        high
                                                                                                                                                                        https://services.addons.mozilla.org/api/v4/abuse/report/addon/firefox.exe, 0000000F.00000002.3572503919.00000205411F0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3575975489.000001FA8E960000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3572038819.000001C6C7230000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                          high
                                                                                                                                                                          https://services.addons.mozilla.org/api/v4/addons/search/?guid=%IDS%&lang=%LOCALE%firefox.exe, 0000000F.00000002.3572503919.00000205411F0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3575975489.000001FA8E960000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3572038819.000001C6C7230000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                            high
                                                                                                                                                                            https://color.firefox.com/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_content=theme-ffirefox.exe, 0000000F.00000002.3572503919.00000205411F0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3575975489.000001FA8E960000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3572038819.000001C6C7230000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                              high
                                                                                                                                                                              https://www.iqiyi.com/firefox.exe, 0000000D.00000003.1933800282.000001FE969C3000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                high
                                                                                                                                                                                https://support.mozilla.org/products/firefoxgro.allizom.troppus.places.sqlite-wal.13.drfalse
                                                                                                                                                                                  high
                                                                                                                                                                                  https://play.google.com/store/apps/details?id=org.mozilla.firefox&referrer=utm_source%3Dprotection_rfirefox.exe, 0000000F.00000002.3572503919.00000205411F0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3575975489.000001FA8E960000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3572038819.000001C6C7230000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                    high
                                                                                                                                                                                    https://monitor.firefox.com/user/breach-stats?includeResolved=truefirefox.exe, 0000000F.00000002.3572503919.00000205411F0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3575975489.000001FA8E960000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3572038819.000001C6C7230000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                      high
                                                                                                                                                                                      https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/cross-site-tracking-reportfirefox.exe, 0000000F.00000002.3572503919.00000205411F0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3575975489.000001FA8E960000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3572038819.000001C6C7230000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                        high
                                                                                                                                                                                        https://safebrowsing.google.com/safebrowsing/diagnostic?site=firefox.exe, 0000000F.00000002.3572503919.00000205411F0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3575975489.000001FA8E960000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3572038819.000001C6C7230000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                          high
                                                                                                                                                                                          http://www.inbox.lv/rfc2368/?value=%sufirefox.exe, 0000000D.00000003.1921792209.000001FEFF654000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1901590756.000001FEFF654000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1930019659.000001FEFF654000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                            high
                                                                                                                                                                                            https://monitor.firefox.com/user/dashboardfirefox.exe, 0000000F.00000002.3572503919.00000205411F0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3575975489.000001FA8E960000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3572038819.000001C6C7230000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                              high
                                                                                                                                                                                              https://versioncheck.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM_IDfirefox.exe, 0000000F.00000002.3572503919.00000205411F0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3575975489.000001FA8E960000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3572038819.000001C6C7230000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                high
                                                                                                                                                                                                https://monitor.firefox.com/aboutfirefox.exe, 0000000F.00000002.3572503919.00000205411F0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3575975489.000001FA8E960000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3572038819.000001C6C7230000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                  high
                                                                                                                                                                                                  http://mozilla.org/MPL/2.0/.firefox.exe, 0000000D.00000003.1759330954.000001FE8FADA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1759776466.000001FE8FADA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1871544776.000001FE96A31000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1905995594.000001FE91E31000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1875870204.000001FE96AF2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1867643027.000001FE8EBD8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1940085049.000001FE8FADE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1933800282.000001FE969B8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1903917402.000001FE9A1B7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1886791758.000001FE8F9CF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1912401188.000001FE8F9C3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1920817765.000001FE9049A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1917787452.000001FE96F78000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1865085708.000001FE90EBF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1905995594.000001FE91E4A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1908207027.000001FE9115C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1867643027.000001FE8EBEA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 
0000000D.00000003.1896000720.000001FE96F77000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1928058762.000001FE8E85E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1788783460.000001FE96A43000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1925831523.000001FE969B8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                    high
                                                                                                                                                                                                    https://account.bellmedia.cfirefox.exe, 0000000D.00000003.1935843580.000001FE91E70000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                      high
                                                                                                                                                                                                      https://login.microsoftonline.comfirefox.exe, 0000000D.00000003.1907017513.000001FE914C3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1935843580.000001FE91E70000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                        high
                                                                                                                                                                                                        https://coverage.mozilla.orgfirefox.exe, 0000000F.00000002.3572503919.00000205411F0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3575975489.000001FA8E960000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3572038819.000001C6C7230000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                          high
                                                                                                                                                                                                          http://crl.thawte.com/ThawteTimestampingCA.crl0gmpopenh264.dll.tmp.13.drfalse
                                                                                                                                                                                                            high
                                                                                                                                                                                                            http://x1.c.lencr.org/0firefox.exe, 0000000D.00000003.1912950740.000001FE99D32000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                              high
                                                                                                                                                                                                              http://x1.i.lencr.org/0firefox.exe, 0000000D.00000003.1912950740.000001FE99D32000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                high
                                                                                                                                                                                                                https://infra.spec.whatwg.org/#ascii-whitespacefirefox.exe, 0000000D.00000003.1789235082.000001FE96A55000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1885223121.000001FE96A4C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1788353843.000001FE96A57000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1871544776.000001FE96A49000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                  high
                                                                                                                                                                                                                  https://blocked.cdn.mozilla.net/firefox.exe, 0000000F.00000002.3572503919.00000205411F0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3575975489.000001FA8E960000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3572038819.000001C6C7230000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                                    high
                                                                                                                                                                                                                    https://profiler.firefox.comfirefox.exe, 0000000F.00000002.3572503919.00000205411F0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3575975489.000001FA8E960000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3572038819.000001C6C7230000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                                      high
                                                                                                                                                                                                                      https://outlook.live.com/default.aspx?rru=compose&to=%sfirefox.exe, 0000000D.00000003.1756532354.000001FE8C91A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1920945552.000001FE8C934000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1940836290.000001FE8C934000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1756618073.000001FE8C932000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1918718361.000001FE8C939000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1756129232.000001FE8C933000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                        high
                                                                                                                                                                                                                        https://mozilla.cloudflare-dns.com/dns-queryfirefox.exe, 0000000F.00000002.3572503919.00000205411F0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3575975489.000001FA8E960000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3572038819.000001C6C7230000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                                          high
                                                                                                                                                                                                                          https://support.mozilla.org/kb/refresh-firefox-reset-add-ons-and-settings2firefox.exe, 0000000D.00000003.1935843580.000001FE91E76000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1905054219.000001FE91E76000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                            high
                                                                                                                                                                                                                            https://bugzilla.mozilla.org/show_bug.cgi?id=1678448firefox.exe, 0000000D.00000003.1851190227.000001FE8F95F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1813105814.000001FE8F939000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                              high
                                                                                                                                                                                                                              https://mail.yahoo.co.jp/compose/?To=%sfirefox.exe, 0000000D.00000003.1756532354.000001FE8C91A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1920945552.000001FE8C934000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1940836290.000001FE8C934000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1756618073.000001FE8C932000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1918718361.000001FE8C939000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1756129232.000001FE8C933000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                high
                                                                                                                                                                                                                                https://addons.mozilla.org/firefox/addon/reddit-enhancement-suite/firefox.exe, 0000000D.00000003.1931389122.000001FE9A4CA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1902869152.000001FE9A4CA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1925055427.000001FE9A4CA000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                  high
                                                                                                                                                                                                                                  https://contile-images.services.mozilla.com/0TegrVVRalreHILhR2WvtD_CFzj13HCDcLqqpvXSOuY.10862.jpgfirefox.exe, 0000000D.00000003.1921792209.000001FEFF6AD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1901590756.000001FEFF643000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1949041195.000001FEFF6B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1930019659.000001FEFF6AD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1901590756.000001FEFF6AD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.3573557257.00000205415CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3572663833.000001FA8E4E8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3577161708.000001C6C7803000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.13.drfalse
                                                                                                                                                                                                                                    high
                                                                                                                                                                                                                                    https://contile.services.mozilla.com/v1/tilesfirefox.exe, 0000000D.00000003.1934226320.000001FE9692F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.3572503919.00000205411F0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3575975489.000001FA8E960000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3572038819.000001C6C7230000.00000002.10000000.00040000.00000000.sdmpfalse
high
https://www.amazon.co.uk/ | firefox.exe, 0000000D.00000003.1933800282.000001FE969C3000.00000004.00000800.00020000.00000000.sdmp | false | high
https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/ | firefox.exe, 0000000D.00000003.1924330393.000001FE9A896000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1912072645.000001FE9A896000.00000004.00000800.00020000.00000000.sdmp | false | high
https://monitor.firefox.com/user/preferences | firefox.exe, 0000000F.00000002.3572503919.00000205411F0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3575975489.000001FA8E960000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3572038819.000001C6C7230000.00000002.10000000.00040000.00000000.sdmp | false | high
https://screenshots.firefox.com/ | firefox.exe, 0000000D.00000003.1750219188.000001FE8E75A000.00000004.00000800.00020000.00000000.sdmp | false | high
https://www.google.com/search | firefox.exe, 0000000D.00000003.1934226320.000001FE9692F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1749921112.000001FE8E71F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1750064306.000001FE8E73C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1750219188.000001FE8E75A000.00000004.00000800.00020000.00000000.sdmp | false | high
https://relay.firefox.com/api/v1/ | firefox.exe, 0000000F.00000002.3572503919.00000205411F0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3575975489.000001FA8E960000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3572038819.000001C6C7230000.00000002.10000000.00040000.00000000.sdmp | false | high
https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/tracking-content-report | firefox.exe, 0000000F.00000002.3572503919.00000205411F0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3575975489.000001FA8E960000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3572038819.000001C6C7230000.00000002.10000000.00040000.00000000.sdmp | false | high
https://topsites.services.mozilla.com/cid/ | firefox.exe, 0000000F.00000002.3572503919.00000205411F0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3575975489.000001FA8E960000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3572038819.000001C6C7230000.00000002.10000000.00040000.00000000.sdmp | false | high
https://www.wykop.pl/ | firefox.exe, 0000000D.00000003.1935527989.000001FE9232F000.00000004.00000800.00020000.00000000.sdmp | false | high
https://twitter.com/ | firefox.exe, 0000000D.00000003.1934226320.000001FE9692F000.00000004.00000800.00020000.00000000.sdmp | false | high
https://www.olx.pl/ | firefox.exe, 0000000D.00000003.1935527989.000001FE9232F000.00000004.00000800.00020000.00000000.sdmp | false | high
https://bugzilla.mozilla.org/show_bug.cgi?id=1193802 | firefox.exe, 0000000D.00000003.1813105814.000001FE8F939000.00000004.00000800.00020000.00000000.sdmp | false | high
https://poczta.interia.pl/mh/?mailto=%s | firefox.exe, 0000000D.00000003.1756532354.000001FE8C91A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1920945552.000001FE8C934000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1940836290.000001FE8C934000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1756618073.000001FE8C932000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1918718361.000001FE8C939000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1756129232.000001FE8C933000.00000004.00000800.00020000.00000000.sdmp | false | high
https://www.google.com/complete/search | firefox.exe, 0000000D.00000003.1788069984.000001FE96A55000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1788934602.000001FE8EFEC000.00000004.00000800.00020000.00000000.sdmp | false | high
https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg | firefox.exe, 0000000D.00000003.1921792209.000001FEFF6AD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1901590756.000001FEFF643000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1949041195.000001FEFF6B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1930019659.000001FEFF6AD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1901590756.000001FEFF6AD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.3573557257.00000205415CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3572663833.000001FA8E4E8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3577161708.000001C6C7803000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.13.dr | false | high
https://github.com/google/closure-compiler/issues/3177 | firefox.exe, 0000000D.00000003.1789235082.000001FE96A55000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1885223121.000001FE96A4C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1788353843.000001FE96A57000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1871544776.000001FE96A49000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1788227783.000001FE96A57000.00000004.00000800.00020000.00000000.sdmp | false | high
https://getpocket.com/recommendations | firefox.exe, 00000012.00000002.3573072841.000001C6C76C4000.00000004.00000800.00020000.00000000.sdmp | false | high
• No. of IPs < 25%
• 25% < No. of IPs < 50%
• 50% < No. of IPs < 75%
• 75% < No. of IPs
IP | Domain | Country | Flag | ASN | ASN Name | Malicious
142.250.185.206 | youtube.com | United States | | 15169 | GOOGLEUS | false
151.101.1.91 | services.addons.mozilla.org | United States | | 54113 | FASTLYUS | false
34.149.100.209 | prod.remote-settings.prod.webservices.mozgcp.net | United States | | 2686 | ATGS-MMD-ASUS | false
34.107.243.93 | push.services.mozilla.com | United States | | 15169 | GOOGLEUS | false
34.107.221.82 | prod.detectportal.prod.cloudops.mozgcp.net | United States | | 15169 | GOOGLEUS | false
35.244.181.201 | prod.balrog.prod.cloudops.mozgcp.net | United States | | 15169 | GOOGLEUS | false
34.117.188.166 | contile.services.mozilla.com | United States | | 139070 | GOOGLE-AS-APGoogleAsiaPacificPteLtdSG | false
35.201.103.21 | normandy-cdn.services.mozilla.com | United States | | 15169 | GOOGLEUS | false
35.190.72.216 | prod.classify-client.prod.webservices.mozgcp.net | United States | | 15169 | GOOGLEUS | false
34.160.144.191 | prod.content-signature-chains.prod.webservices.mozgcp.net | United States | | 2686 | ATGS-MMD-ASUS | false
34.120.208.123 | telemetry-incoming.r53-2.services.mozilla.com | United States | | 15169 | GOOGLEUS | false
IP
127.0.0.1
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1559009
Start date and time: 2024-11-20 03:27:46 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 8m 10s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Run name: Run with higher sleep bypass
Number of analysed new started processes analysed: 22
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: file.exe
Detection: MAL
Classification: mal72.troj.evad.winEXE@35/41@71/12
EGA Information:
• Successful, ratio: 50%
HCA Information:
• Successful, ratio: 94%
• Number of executed functions: 41
• Number of non-executed functions: 310
Cookbook Comments:
• Found application associated with file extension: .exe
• Sleeps bigger than 100000000ms are automatically reduced to 1000ms
• Sleep loops longer than 100000000ms are bypassed. Single calls with delay of 100000000ms and higher are ignored
• Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
                                                                                                                                                                                                                                                                        • Excluded IPs from analysis (whitelisted): 35.80.238.59, 35.164.125.63, 52.12.64.98, 142.250.186.74, 142.250.185.138, 216.58.206.78, 2.22.61.59, 2.22.61.56, 172.217.16.206
                                                                                                                                                                                                                                                                        • Excluded domains from analysis (whitelisted): fs.microsoft.com, shavar.prod.mozaws.net, ciscobinary.openh264.org, slscr.update.microsoft.com, otelrules.azureedge.net, incoming.telemetry.mozilla.org, ctldl.windowsupdate.com, a17.rackcdn.com.mdc.edgesuite.net, detectportal.prod.mozaws.net, aus5.mozilla.org, fe3cr.delivery.mp.microsoft.com, a19.dscg10.akamai.net, ocsp.digicert.com, redirector.gvt1.com, safebrowsing.googleapis.com, location.services.mozilla.com
                                                                                                                                                                                                                                                                        • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                                                                                                                                        • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                                                                                                                                                        • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                                                                                                                                                                                        • Report size getting too big, too many NtCreateFile calls found.
                                                                                                                                                                                                                                                                        • Report size getting too big, too many NtOpenFile calls found.
                                                                                                                                                                                                                                                                        • Report size getting too big, too many NtQueryAttributesFile calls found.
                                                                                                                                                                                                                                                                        • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                                                                                                                                                                                                        No simulations
Match (contacted IP) | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
34.117.188.166 | file.exe | Get hash | malicious | Credential Flusher | Browse |
 | file.exe | Get hash | malicious | Credential Flusher | Browse |
 | file.exe | Get hash | malicious | Credential Flusher | Browse |
 | file.exe | Get hash | malicious | Credential Flusher | Browse |
 | file.exe | Get hash | malicious | Credential Flusher | Browse |
 | file.exe | Get hash | malicious | Credential Flusher | Browse |
 | file.exe | Get hash | malicious | LummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc | Browse |
 | file.exe | Get hash | malicious | Credential Flusher | Browse |
 | file.exe | Get hash | malicious | Credential Flusher | Browse |
151.101.1.91 | file.exe | Get hash | malicious | Credential Flusher | Browse |
 | file.exe | Get hash | malicious | LummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc | Browse |
 | file.exe | Get hash | malicious | Credential Flusher | Browse |
 | file.exe | Get hash | malicious | Credential Flusher | Browse |
 | file.exe | Get hash | malicious | Credential Flusher | Browse |
 | file.exe | Get hash | malicious | Credential Flusher | Browse |
 | file.exe | Get hash | malicious | Credential Flusher | Browse |
 | file.exe | Get hash | malicious | Credential Flusher | Browse |
 | file.exe | Get hash | malicious | Credential Flusher | Browse |
 | file.exe | Get hash | malicious | Credential Flusher | Browse |
34.149.100.209 | file.exe | Get hash | malicious | Credential Flusher | Browse |
 | file.exe | Get hash | malicious | Credential Flusher | Browse |
 | file.exe | Get hash | malicious | Credential Flusher | Browse |
 | file.exe | Get hash | malicious | Credential Flusher | Browse |
 | file.exe | Get hash | malicious | Credential Flusher | Browse |
 | file.exe | Get hash | malicious | Credential Flusher | Browse |
 | file.exe | Get hash | malicious | LummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc | Browse |
 | file.exe | Get hash | malicious | Credential Flusher | Browse |
 | file.exe | Get hash | malicious | Credential Flusher | Browse |
34.160.144.191 | file.exe | Get hash | malicious | Credential Flusher | Browse |
 | file.exe | Get hash | malicious | Credential Flusher | Browse |
 | file.exe | Get hash | malicious | Credential Flusher | Browse |
 | file.exe | Get hash | malicious | Credential Flusher | Browse |
 | file.exe | Get hash | malicious | Credential Flusher | Browse |
 | file.exe | Get hash | malicious | Credential Flusher | Browse |
 | file.exe | Get hash | malicious | LummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc | Browse |
 | file.exe | Get hash | malicious | Credential Flusher | Browse |
 | file.exe | Get hash | malicious | Credential Flusher | Browse |
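The correlation tables in this report match the sample's contacted IPs and domains against earlier analyses. Read naively, every match here looks like a confirmed Credential Flusher indicator; in practice a hit on shared CDN or cloud address space, or on a well-known public domain, correlates weakly, because any sample that drives a browser will contact the same endpoints. The following Python script is an added example (not part of the Joe Sandbox report and not Joe Sandbox code) that aggregates such rows per indicator, tallies the threat names each was seen with, and downgrades matches on shared infrastructure. The row data is transcribed from the tables on this page; the CIDR blocks, the public-domain list and the 203.0.113.7 / c2.invalid values used for contrast are assumptions for illustration only.

```python
"""Triage of a sandbox correlation table: which matched indicators are worth acting on."""
import ipaddress
from collections import Counter

# Constructed sample input: (match, threat-name cell) pairs transcribed from the
# correlation tables in this report. The multi-family cell is one string, as on the page.
CF = "Credential Flusher"
MULTI = "LummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc"
ROWS = (
    [("34.117.188.166", CF)] * 8 + [("34.117.188.166", MULTI)]
    + [("151.101.1.91", CF)] * 9 + [("151.101.1.91", MULTI)]
    + [("34.149.100.209", CF)] * 8 + [("34.149.100.209", MULTI)]
    + [("34.160.144.191", CF)] * 8 + [("34.160.144.191", MULTI)]
    + [("example.org", CF)] * 8 + [("example.org", MULTI)]
    + [("services.addons.mozilla.org", CF)] * 8 + [("services.addons.mozilla.org", MULTI)]
    + [("twitter.com", CF)]
)

# ASSUMED shared-infrastructure prefixes for illustration. In production, load these from
# the providers' published range lists rather than hard-coding them.
SHARED_INFRA_PREFIXES = {
    "151.101.0.0/16": "Fastly CDN (assumed range)",
    "34.64.0.0/10": "Google Cloud (assumed range)",
    "34.128.0.0/10": "Google Cloud (assumed range)",
}
# ASSUMED allowlist of public services that browser-driving samples contact regardless of family.
PUBLIC_SERVICE_DOMAINS = {"example.org", "services.addons.mozilla.org", "twitter.com"}


def split_threat_names(cell):
    """Split a comma-separated threat-name cell into individual family names."""
    return [part.strip() for part in cell.split(",") if part.strip()]


def classify_indicator(value, prefixes=SHARED_INFRA_PREFIXES, domains=PUBLIC_SERVICE_DOMAINS):
    """Return (kind, shared_reason). kind is 'ip' or 'domain'; shared_reason is None for a
    dedicated indicator, else a string saying why it is shared infrastructure."""
    try:
        addr = ipaddress.ip_address(value)
    except ValueError:
        host = value.lower().rstrip(".")
        for d in domains:
            if host == d or host.endswith("." + d):
                return "domain", f"well-known public service {d}"
        return "domain", None
    for cidr, label in prefixes.items():
        if addr in ipaddress.ip_network(cidr):
            return "ip", label
    return "ip", None


def triage(rows, prefixes=SHARED_INFRA_PREFIXES, domains=PUBLIC_SERVICE_DOMAINS):
    """Aggregate correlation rows per indicator and assign an actionability rating."""
    hits = Counter()
    families = {}
    for match, threat_cell in rows:
        hits[match] += 1
        families.setdefault(match, Counter()).update(split_threat_names(threat_cell))

    result = {}
    for match, n in hits.items():
        kind, shared = classify_indicator(match, prefixes, domains)
        fam = families[match]
        # Only a dedicated indicator whose correlated samples agree on one family is a
        # strong blocking candidate. A grab-bag of families on a CDN address is what
        # browser or loader traffic looks like, not C2.
        if shared:
            rating = "low"
        elif len(fam) == 1:
            rating = "high"
        else:
            rating = "medium"
        result[match] = {"kind": kind, "hits": n, "families": dict(fam),
                         "shared": shared, "rating": rating}
    return result


if __name__ == "__main__":
    for match, info in sorted(triage(ROWS).items(), key=lambda kv: kv[1]["rating"]):
        top = max(info["families"], key=info["families"].get)
        print(f"{info['rating']:6} {info['kind']:6} {match:28} hits={info['hits']:2} "
              f"top={top} shared={info['shared']}")
```

Run against the rows on this page, every indicator comes out rated low: the four IPs fall in assumed Fastly or Google Cloud space and the three domains are public services, so none of them should go into a blocklist on the strength of this correlation alone. The rating only reaches high for an address or host outside shared space whose correlated samples all carry the same family name.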
Match (contacted domain) | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
example.org | file.exe | Get hash | malicious | Credential Flusher | Browse | 93.184.215.14
 | file.exe | Get hash | malicious | Credential Flusher | Browse | 93.184.215.14
 | file.exe | Get hash | malicious | Credential Flusher | Browse | 93.184.215.14
 | file.exe | Get hash | malicious | Credential Flusher | Browse | 93.184.215.14
 | file.exe | Get hash | malicious | Credential Flusher | Browse | 93.184.215.14
 | file.exe | Get hash | malicious | Credential Flusher | Browse | 93.184.215.14
 | file.exe | Get hash | malicious | LummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc | Browse | 93.184.215.14
 | file.exe | Get hash | malicious | Credential Flusher | Browse | 93.184.215.14
 | file.exe | Get hash | malicious | Credential Flusher | Browse | 93.184.215.14
services.addons.mozilla.org | file.exe | Get hash | malicious | Credential Flusher | Browse | 151.101.193.91
 | file.exe | Get hash | malicious | Credential Flusher | Browse | 151.101.65.91
 | file.exe | Get hash | malicious | Credential Flusher | Browse | 151.101.193.91
 | file.exe | Get hash | malicious | Credential Flusher | Browse | 151.101.129.91
 | file.exe | Get hash | malicious | Credential Flusher | Browse | 151.101.65.91
 | file.exe | Get hash | malicious | Credential Flusher | Browse | 151.101.1.91
 | file.exe | Get hash | malicious | LummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc | Browse | 151.101.1.91
 | file.exe | Get hash | malicious | Credential Flusher | Browse | 151.101.129.91
 | file.exe | Get hash | malicious | Credential Flusher | Browse | 151.101.129.91
twitter.com | file.exe | Get hash | malicious | Credential Flusher | Browse | 104.244.42.65
                                                                                                                                                                                                                                                                                                                                                  file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                  • 104.244.42.129
                                                                                                                                                                                                                                                                                                                                                  file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                  • 104.244.42.65
                                                                                                                                                                                                                                                                                                                                                  file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                  • 104.244.42.65
                                                                                                                                                                                                                                                                                                                                                  file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                  • 104.244.42.193
                                                                                                                                                                                                                                                                                                                                                  file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                  • 104.244.42.129
                                                                                                                                                                                                                                                                                                                                                  file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, StealcBrowse
                                                                                                                                                                                                                                                                                                                                                  • 104.244.42.129
                                                                                                                                                                                                                                                                                                                                                  file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                  • 104.244.42.65
                                                                                                                                                                                                                                                                                                                                                  file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                  • 104.244.42.129
                                                                                                                                                                                                                                                                                                                                                  star-mini.c10r.facebook.comfile.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                  • 157.240.251.35
                                                                                                                                                                                                                                                                                                                                                  file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                  • 157.240.0.35
                                                                                                                                                                                                                                                                                                                                                  file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                  • 157.240.253.35
                                                                                                                                                                                                                                                                                                                                                  file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                  • 157.240.253.35
                                                                                                                                                                                                                                                                                                                                                  file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                  • 157.240.0.35
                                                                                                                                                                                                                                                                                                                                                  file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                  • 157.240.0.35
                                                                                                                                                                                                                                                                                                                                                  file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, StealcBrowse
                                                                                                                                                                                                                                                                                                                                                  • 157.240.241.35
                                                                                                                                                                                                                                                                                                                                                  file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                  • 157.240.0.35
                                                                                                                                                                                                                                                                                                                                                  file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                  • 157.240.241.35
Match
    Associated Sample Name / URL    Detection    Threat Name    Context
FASTLYUS
    https://estudioit.cl/starl/#ZGVicmEuY2FydGVyQGNhc2EuZ292LmF1    malicious    Unknown    • 151.101.194.137
    file.exe    malicious    Credential Flusher    • 151.101.193.91
    file.exe    malicious    Credential Flusher    • 151.101.65.91
    https://mkwomens.com/iuefoiuherjhkjf/iuyrijkfjkoifjoijreiwiw/e9c4710345f07b1cf048900d092f8cdc/YW5nZWxhLnN1bW1lcnNieUBhc2h1cnN0LmNvbQ==    malicious    Unknown    • 151.101.66.137
    file.exe    malicious    Credential Flusher    • 151.101.193.91
    file.exe    malicious    Credential Flusher    • 151.101.129.91
    file.exe    malicious    Credential Flusher    • 151.101.65.91
    file.exe    malicious    Credential Flusher    • 151.101.1.91
    file.exe    malicious    LummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc    • 151.101.1.91
GOOGLE-AS-APGoogleAsiaPacificPteLtdSG
    file.exe    malicious    Clipboard Hijacker, Cryptbot    • 34.116.198.130
    file.exe    malicious    Credential Flusher    • 34.117.188.166
    file.exe    malicious    Credential Flusher    • 34.117.188.166
    file.exe    malicious    LummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc    • 34.116.198.130
    file.exe    malicious    Credential Flusher    • 34.117.188.166
    file.exe    malicious    Credential Flusher    • 34.117.188.166
    file.exe    malicious    Unknown    • 34.116.198.130
    file.exe    malicious    LummaC, Amadey, Cryptbot, LummaC Stealer    • 34.116.198.130
    file.exe    malicious    Credential Flusher    • 34.117.188.166
ATGS-MMD-ASUS
    file.exe    malicious    Credential Flusher    • 34.160.144.191
    file.exe    malicious    Credential Flusher    • 34.160.144.191
    file.exe    malicious    Credential Flusher    • 34.160.144.191
    file.exe    malicious    Credential Flusher    • 34.160.144.191
    file.exe    malicious    Credential Flusher    • 34.160.144.191
    file.exe    malicious    Credential Flusher    • 34.160.144.191
    https://usapress.info/inside-the-last-words-of-dan-haggerty-aka-grizzly-adams-and-why-he-had-to-pull-the-plug-on-his-wife-of-20-years/    malicious    Unknown    • 34.13.138.208
                                                                                                                                                                                                                                                                                                                                                  https://l.facebook.com/l.php?u=https%3A%2F%2Fusapress.info%2Finside-the-last-words-of-dan-haggerty-aka-grizzly-adams-and-why-he-had-to-pull-the-plug-on-his-wife-of-20-years%2F%3Ffbclid%3DIwZXh0bgNhZW0CMTAAAR0r3IVxCUPtQPPqP5Ce0_adoAsiHgG3Oy1cYDq3k1JXBIrTGLtjToxlazM_aem_q02YsKkKY0QB_fm5suzUDw&h=AT1Xo_CkNlagO29_sds-m5zdTBZ6-H70m0J__7wjjmSNinwNGqBfRUFK3cH2zXJWNO7msrJPRkNulrkTmUCLkRNMcfCJTNK-cs4SfUQyRy7nw3vP1DNmFisBvlttaen8fHfi-N3lXN_BGQgdBw&__tn__=R%5D-R&c%5B0%5D=AT3euz91upHKeMVK8p24ktUFKClJ0GKt_3lJnV9tGakx0Tro3u7Ymk1z4tOG4eBZxcuD-Ny10eAla4iUyfdG04Fh4GryHwAMuELGG4dQctfWKiu4mfB-eLJ8Qktnq0ptzD_TaZEPEMHQnvP4W65jDpc-XBmWlMSmaRM-2soPhaPGYAODWegqP8h47S90Q2hmwQvQgUDdb35OgV1duzzqudMAyOk7e8E7mfpnrlwhIvWwUkK53AUNuPTqYkQGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                                  • 57.128.187.108
                                                                                                                                                                                                                                                                                                                                                  file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, StealcBrowse
                                                                                                                                                                                                                                                                                                                                                  • 34.160.144.191
ATGS-MMD-ASUS | file.exe (5 samples) | malicious | Credential Flusher | 34.160.144.191
 | https://usapress.info/inside-the-last-words-of-dan-haggerty-aka-grizzly-adams-and-why-he-had-to-pull-the-plug-on-his-wife-of-20-years/ | malicious | Unknown | 34.13.138.208
 | https://l.facebook.com/l.php?u=https%3A%2F%2Fusapress.info%2Finside-the-last-words-of-dan-haggerty-aka-grizzly-adams-and-why-he-had-to-pull-the-plug-on-his-wife-of-20-years%2F%3Ffbclid%3DIwZXh0bgNhZW0CMTAAAR0r3IVxCUPtQPPqP5Ce0_adoAsiHgG3Oy1cYDq3k1JXBIrTGLtjToxlazM_aem_q02YsKkKY0QB_fm5suzUDw&h=AT1Xo_CkNlagO29_sds-m5zdTBZ6-H70m0J__7wjjmSNinwNGqBfRUFK3cH2zXJWNO7msrJPRkNulrkTmUCLkRNMcfCJTNK-cs4SfUQyRy7nw3vP1DNmFisBvlttaen8fHfi-N3lXN_BGQgdBw&__tn__=R%5D-R&c%5B0%5D=AT3euz91upHKeMVK8p24ktUFKClJ0GKt_3lJnV9tGakx0Tro3u7Ymk1z4tOG4eBZxcuD-Ny10eAla4iUyfdG04Fh4GryHwAMuELGG4dQctfWKiu4mfB-eLJ8Qktnq0ptzD_TaZEPEMHQnvP4W65jDpc-XBmWlMSmaRM-2soPhaPGYAODWegqP8h47S90Q2hmwQvQgUDdb35OgV1duzzqudMAyOk7e8E7mfpnrlwhIvWwUkK53AUNuPTqYkQ | malicious | Unknown | 57.128.187.108
 | file.exe | malicious | LummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc | 34.160.144.191
Match | Associated Sample Name / URL | Detection | Threat Name | Context
fb0aa01abe9d8e4037eb3473ca6e2dca | file.exe (8 samples) | malicious | Credential Flusher | 35.244.181.201, 34.149.100.209, 34.160.144.191, 34.120.208.123, 151.101.1.91
 | file.exe | malicious | LummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc | 35.244.181.201, 34.149.100.209, 34.160.144.191, 34.120.208.123, 151.101.1.91
                                                                                                                                                                                                                                                                                                                                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                                                                                                                                                  C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll.tmpfile.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                    file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                      file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                        file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                          file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                            file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                              file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, StealcBrowse
                                                                                                                                                                                                                                                                                                                                                                file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                                  file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy)file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                                      file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                                        file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                                          file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                                            file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                                              file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                                                file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, StealcBrowse
                                                                                                                                                                                                                                                                                                                                                                                  file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                                                    file.exeGet hashmaliciousCredential FlusherBrowse
Process: C:\Program Files\Mozilla Firefox\firefox.exe
File Type: JSON data
Category: dropped
Size (bytes): 7813
Entropy (8bit): 5.179147671786377
Encrypted: false
SSDEEP: 192:ewOjMX9JKcbhbVbTbfbRbObtbyEl7ncrJxJA6WnSrDtTUd/SkDrC:zOYGcNhnzFSJ8rJsBnSrDhUd/Y
MD5: 2A25D6022F620CB30E531993F3850810
SHA1: 40024D20CE0B3D1B44685E8B0878C9BCBCDFE6CB
SHA-256: 81D9C7FE563C850C1C0733E64F884DDB39AE8C110B7C77C3FEFD417FBC9C0CE4
SHA-512: EC0BC7C82B5B15F30B48C40F666B18E9FCD961AD71450D85EA4BCED02D632F8DDBC1DE25EA1C20E8F961E3C550283FA3504D4369AAF2BC8F3D597D663E6B37D8
Malicious: false
Preview: {"type":"uninstall","id":"7003dbea-bccc-40ed-88a0-615c37b0a6cf","creationDate":"2024-11-20T03:47:45.538Z","version":4,"application":{"architecture":"x86-64","buildId":"20230927232528","name":"Firefox","version":"118.0.1","displayVersion":"118.0.1","vendor":"Mozilla","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","channel":"release"},"payload":{"otherInstalls":0},"clientId":"65e71c9e-6ac3-4903-9066-b134350de32c","environment":{"build":{"applicationId":"{ec8030f7-c20a-464f-9b0e-13a3a9e97384}","applicationName":"Firefox","architecture":"x86-64","buildId":"20230927232528","version":"118.0.1","vendor":"Mozilla","displayVersion":"118.0.1","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","updaterAvailable":true},"partner":{"distributionId":null,"distributionVersion":null,"partnerId":null,"distributor":null,"distributorChannel":null,"partnerNames":[]},"system":{"memoryMB":8191,"virtualMaxMB":134217728,"cpu":{"isWindowsSMode":false,"count":4,"cores":2,"vendor":"GenuineIntel","name":"I

Process: C:\Program Files\Mozilla Firefox\firefox.exe
File Type: JSON data
Category: dropped
Size (bytes): 7813
Entropy (8bit): 5.179147671786377
Encrypted: false
SSDEEP: 192:ewOjMX9JKcbhbVbTbfbRbObtbyEl7ncrJxJA6WnSrDtTUd/SkDrC:zOYGcNhnzFSJ8rJsBnSrDhUd/Y
MD5: 2A25D6022F620CB30E531993F3850810
SHA1: 40024D20CE0B3D1B44685E8B0878C9BCBCDFE6CB
SHA-256: 81D9C7FE563C850C1C0733E64F884DDB39AE8C110B7C77C3FEFD417FBC9C0CE4
SHA-512: EC0BC7C82B5B15F30B48C40F666B18E9FCD961AD71450D85EA4BCED02D632F8DDBC1DE25EA1C20E8F961E3C550283FA3504D4369AAF2BC8F3D597D663E6B37D8
Malicious: false
Preview: {"type":"uninstall","id":"7003dbea-bccc-40ed-88a0-615c37b0a6cf","creationDate":"2024-11-20T03:47:45.538Z","version":4,"application":{"architecture":"x86-64","buildId":"20230927232528","name":"Firefox","version":"118.0.1","displayVersion":"118.0.1","vendor":"Mozilla","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","channel":"release"},"payload":{"otherInstalls":0},"clientId":"65e71c9e-6ac3-4903-9066-b134350de32c","environment":{"build":{"applicationId":"{ec8030f7-c20a-464f-9b0e-13a3a9e97384}","applicationName":"Firefox","architecture":"x86-64","buildId":"20230927232528","version":"118.0.1","vendor":"Mozilla","displayVersion":"118.0.1","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","updaterAvailable":true},"partner":{"distributionId":null,"distributionVersion":null,"partnerId":null,"distributor":null,"distributorChannel":null,"partnerNames":[]},"system":{"memoryMB":8191,"virtualMaxMB":134217728,"cpu":{"isWindowsSMode":false,"count":4,"cores":2,"vendor":"GenuineIntel","name":"I

Process: C:\Program Files\Mozilla Firefox\firefox.exe
File Type: MS Windows icon resource - 1 icon, 16x16 with PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced, 24 bits/pixel
Category: dropped
Size (bytes): 490
Entropy (8bit): 7.246483341090937
Encrypted: false
SSDEEP: 12:l8v/7J2T+gwjz+vdzLSMO9mj253UT3BcHXhJo:82CgwS//O91iT3BUXh6
MD5: BD9751DFFFEFFA2154CC5913489ED58C
SHA1: 1C9230053C45CA44883103A6ACFDF49AC53ABF45
SHA-256: 834C4F18E96CFDAA395246183DE76032F1B77886764CEEBE52F6A146FA4D4C3B
SHA-512: 01072F60F4B2489BB84639A6179A82A3EA90A31C1AD61D30EF27800C3114DB5E45662583E1C0B5382F51635DC14372EFC71DCD069999D6B21A5D256C70697790
Malicious: false
Preview: .......................PNG........IHDR................a....IDAT8O...1P......p....d1.....v)......p.nXM.t.H.(.......B$..}_G.{.......:uN...=......s|.$...`0.....dl6.>>>p.\.v;z.......F.a:.2..D.V.....V..n...g.z.X..C...v.......=.H..d..P*...i.."...X,.B...h...xyy.V....I$..J%r....6....Z-:...P..J..........|>'...P.\&.....l6....N5...Z.x<.....h.z..'@...L&.F..'.Jq<...m6.OOO.....$..r:.......v..V..ze.\.p.R..t.Z.....r...B...3.B..0...T*E".p8.D0..`2.D.j...h..n...wF...........#......O....IEND.B`.

Process: C:\Program Files\Mozilla Firefox\firefox.exe
File Type: ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]
Category: dropped
Size (bytes): 32768
Entropy (8bit): 0.4593089050301797
Encrypted: false
SSDEEP: 48:9SP0nUgwyZXYI65yFRX2D3GNTTfyn0Mk1iA:9SDKaIjo3UzyE1L
MD5: D910AD167F0217587501FDCDB33CC544
SHA1: 2F57441CEFDC781011B53C1C5D29AC54835AFC1D
SHA-256: E3699D9404A3FFC1AFF0CA8A3972DC0EF38BDAB927741E9F627C7C55CEA42E81
SHA-512: F1871BF28FF25EE52BDB99C7A80AB715C7CAC164DCD2FD87E681168EE927FD2C5E80E03C91BB638D955A4627213BF575FF4D9EECAEDA7718C128CF2CE8F7CB3D
Malicious: false
Preview: ... ftypisom....isomiso2avc1mp41....free....mdat..........E...H..,. .#..x264 - core 152 r2851 ba24899 - H.264/MPEG-4 AVC codec - Copyleft 2003-2017 - http://www.videolan.org/x264.html - options: cabac=1 ref=3 deblock=1:0:0 analyse=0x3:0x113 me=hex subme=7 psy=1 psy_rd=1.00:0.00 mixed_ref=1 me_range=16 chroma_me=1 trellis=1 8x8dct=1 cqm=0 deadzone=21,11 fast_pskip=1 chroma_qp_offset=-2 threads=4 lookahead_threads=1 sliced_threads=0 nr=0 decimate=1 interlaced=0 bluray_compat=0 constrained_intra=0 bframes=3 b_pyramid=2 b_adapt=1 b_bias=0 direct=1 weightb=1 open_gop=0 weightp=2 keyint=250 keyint_min=25 scenecut=40 intra_refresh=0 rc_lookahead=40 rc=crf mbtree=1 crf=23.0 qcomp=0.60 qpmin=0 qpmax=69 qpstep=4 ip_ratio=1.40 aq=1:1.00......e...+...s|.kG3...'.u.."...,J.w.~.d\..(K....!.+..;....h....(.T.*...M......0..~L..8..B..A.y..R..,.zBP.';j.@.].w..........c......C=.'f....gI.$^.......m5V.L...{U..%V[....8......B..i..^,....:...,..5.m.%dA....moov...lmvhd...................(...........
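The per-file fields in the dropped-file entries above (size, 8-bit entropy, the Encrypted flag, MD5/SHA1/SHA-256/SHA-512) can be recomputed for an artifact retained from the analysis VM and compared with what the report states. The script below is an added example, not part of the Joe Sandbox report: the 7.9 bits-per-byte threshold it uses for "Encrypted" is an assumption chosen for illustration, not the vendor's rule, the ssdeep field is not reproduced (it needs the ssdeep library), and the sample inputs are constructed to show the two extremes of the entropy scale (the near-zero MP4 padding versus the near-8 deflated zip).

```python
"""Recompute the per-file metadata fields of a sandbox "dropped files" listing.

Added example; not part of the Joe Sandbox report. The ENCRYPTED_THRESHOLD
value is an assumption for illustration, not the vendor's rule.
"""
import hashlib
import math
from collections import Counter

# Assumption: treat near-uniform byte distributions as packed/encrypted.
ENCRYPTED_THRESHOLD = 7.9


def shannon_entropy_8bit(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for constant data,
    8.0 when every byte value is equally frequent."""
    if not data:
        return 0.0
    n = len(data)
    counts = Counter(data)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def describe(data: bytes) -> dict:
    """Return the report-style fields for one dropped file's content.
    Hex digests are upper-cased to match the report's presentation."""
    ent = shannon_entropy_8bit(data)
    return {
        "Size (bytes)": len(data),
        "Entropy (8bit)": ent,
        "Encrypted": ent >= ENCRYPTED_THRESHOLD,
        "MD5": hashlib.md5(data).hexdigest().upper(),
        "SHA1": hashlib.sha1(data).hexdigest().upper(),
        "SHA-256": hashlib.sha256(data).hexdigest().upper(),
        "SHA-512": hashlib.sha512(data).hexdigest().upper(),
    }


def check_against_report(data: bytes, reported: dict) -> list:
    """Compare computed fields with values copied from a report entry.
    Returns the names of the fields that disagree; an empty list means
    the retained artifact is the file the report describes."""
    actual = describe(data)
    mismatches = []
    for key, value in reported.items():
        got = actual[key]
        if isinstance(got, float):
            if abs(got - float(value)) > 1e-6:
                mismatches.append(key)
        elif str(got).upper() != str(value).upper():
            mismatches.append(key)
    return mismatches


# Constructed samples (not files from the report):
# a block of zeros, like the padding that dominates a sparse media file,
# and one of every byte value, the maximal-entropy case of compressed data.
ZERO_BLOCK = bytes(4096)
ALL_BYTES = bytes(range(256))

if __name__ == "__main__":
    for name, blob in (("zero block", ZERO_BLOCK), ("all bytes", ALL_BYTES)):
        print(name, describe(blob))
```

To verify a real artifact, read it with `open(path, "rb").read()` and pass the report's hash and size fields as the `reported` dict; a hash mismatch on a file with the same size and type usually means a different build or a modified copy was retained, which is worth knowing before pivoting on the report's hashes elsewhere.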
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
Category:dropped
Size (bytes):453023
Entropy (8bit):7.997718157581587
Encrypted:true
SSDEEP:12288:tESTeqTI2r4ZbCgUKWKNeRcPMb6qlV7hVZe3:tEsed2Xh9/bdzZe3
MD5:85430BAED3398695717B0263807CF97C
SHA1:FFFBEE923CEA216F50FCE5D54219A188A5100F41
SHA-256:A9F4281F82B3579581C389E8583DC9F477C7FD0E20C9DFC91A2E611E21E3407E
SHA-512:06511F1F6C6D44D076B3C593528C26A602348D9C41689DBF5FF716B671C3CA5756B12CB2E5869F836DEDCE27B1A5CFE79B93C707FD01F8E84B620923BB61B5F1
Malicious:false
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:data
Category:dropped
Size (bytes):5488
Entropy (8bit):3.3077502459434722
Encrypted:false
SSDEEP:24:hldfz1AE7TIUx2dWoM15WLN8zm8ldfz1AE7swM+bpoqdWoM15WLFX1Rgm+ldfz16:hldCPUgdwDzzldC56BdwF9ldC5adwH1
MD5:D6AC54FA40AE119F055CC0C39C416EAF
SHA1:031ACD6E85A5A3DC0E5430FA4FEA2A9748DF4E85
SHA-256:975C69B321162A173AC8A4BEFB8BF8F26018C4A6002094F9B484BDB31ADE2470
SHA-512:A52772B10E0160AC820477418572BA743A33B8A9CD867C805596B1084801E5291B193A5BF86D13425CCE71833CDE3A67A3491F8E99F58C2C762BA0F67D5791B0
Malicious:false
                                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):3621
                                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.927569408694201
                                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:96:8S+OfJQPUFpOdwNIOdYVjvYcXaNL1Y68P:8S+OBIUjOdwiOdYVjjwL1Y68P
                                                                                                                                                                                                                                                                                                                                                                                      MD5:B051ACEBF03CC7CC4693BACC7B9283BF
                                                                                                                                                                                                                                                                                                                                                                                      SHA1:0AF82FCFF0B183142545B6A54601F85BFAAD6D10
                                                                                                                                                                                                                                                                                                                                                                                      SHA-256:63B8179AB9829AF9EBD515FEBC0CFD260C89B38DE09E2B78B6AA5123750A30B8
                                                                                                                                                                                                                                                                                                                                                                                      SHA-512:F7B9918FAE4566D773566543434B0A5DFB6F898E182711AC9433556D2C5FFCDF43D4EE221E31141279C134C3AE162E7B4C41CA29F4453C1E794C2D5A24DE17D6
                                                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                                                      Preview:{"csv-import-release-rollout":{"slug":"csv-import-release-rollout","branch":{"slug":"enable-csv-import","ratio":1,"feature":{"value":{},"enabled":false,"featureId":"this-is-included-for-desktop-pre-95-support"},"features":[{"value":{"csvImport":true},"enabled":true,"featureId":"cm-csv-import"}]},"active":true,"enrollmentId":"c5d95379-f4ee-4629-a507-6f15a0e93cd4","experimentType":"rollout","source":"rs-loader","userFacingName":"CSV Import (Release Rollout)","userFacingDescription":"This rollout enables users to import logins from a CSV file from the about:logins page.","lastSeen":"2023-10-03T11:50:29.548Z","featureIds":["cm-csv-import"],"prefs":[{"name":"signon.management.page.fileImport.enabled","branch":"default","featureId":"cm-csv-import","variable":"csvImport","originalValue":false}],"isRollout":true},"serp-ad-telemetry-rollout":{"slug":"serp-ad-telemetry-rollout","branch":{"slug":"control","ratio":1,"feature":{"value":{},"enabled":false,"featureId":"this-is-included-for-desktop-pr

Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:Mozilla lz4 compressed data, originally 23432 bytes
Category:dropped
Size (bytes):5312
Entropy (8bit):6.615424734763731
Encrypted:false
SSDEEP:96:V2YbKsKNU2xWrp327tGmD4wBON6h6cHaJVJuZMd0JGkkrw2D:VTx2x2t0FDJ4NpwZMd0EJws
MD5:1B9C8056D3619CE5A8C59B0C09873F17
SHA1:1015C630E1937AA63F6AB31743782ECB5D78CCD8
SHA-256:A6AE5DE0733FED050AB570AD9374FF4593D554F695B5AE4E2495871D171D34A3
SHA-512:B1DC9CC675D5476C270A2D5B214D3DF2B3856576ED7EFE92D9A606C2D9D34E781018902AE75CE9C1E25007BB7F8D8F7B52997E6F05B845EF44BAF22F614FE899
Malicious:false
Preview:mozLz40..[....{"app-system-defaults":{"addon....formautofill@mozilla.org&..Gdependencies":[],"enabled":true,"lastModifiedTime":1695865283000,"loader":null,"path":s.....xpi","recommendationStateA...rootURI":"jar:file:///C:/Program%20Files/M.......refox/browser/features/...... !/...unInSafeMode..wsignedD...telemetryKey..7%40R...:1.0.1","version":"..`},"pic..#in.....T.n..w...........S.......(.[......0....0"},"screenshots..T.r.....[.......(.V....-39.......},"webcompat-reporter...Ofals..&.z.....[.......(.]....=1.5.............<.)....p....d......1.z.!18...5.....startupData...pX.astentL..!er...webRequest%..onBefore...[[{"incognitoi.UtabId..!yp...."main_frame"],"url...."*://login.microsoftonline.com/*","..@us/*L.dwindows...},["blocking"]],...Iimag...https://smartT.".f.....etp/facebook.svg",...Aplay*....8`script...P.....-....-testbed.herokuapp\.`shims_..3.jsh.bexampl|.......Pexten{..Q../?..s...S.J/_2..@&_3U..s7.addthis . ic...officialK......-angularjs/current/dist(..t.min.js...track.adB...net/s

Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:JSON data
Category:dropped
Size (bytes):24
Entropy (8bit):3.91829583405449
Encrypted:false
SSDEEP:3:YWGifTJE6iHQ:YWGif9EE
MD5:3088F0272D29FAA42ED452C5E8120B08
SHA1:C72AA542EF60AFA3DF5DFE1F9FCC06C0B135BE23
SHA-256:D587CEC944023447DC91BC5F71E2291711BA5ADD337464837909A26F34BC5A06
SHA-512:B662414EDD6DEF8589304904263584847586ECCA0B0E6296FB3ADB2192D92FB48697C99BD27C4375D192150E3F99102702AF2391117FFF50A9763C74C193D798
Malicious:false
Preview:{"schema":6,"addons":[]}
                                                                                                                                                                                                                                                                                                                                                                                      SHA1:C72AA542EF60AFA3DF5DFE1F9FCC06C0B135BE23
                                                                                                                                                                                                                                                                                                                                                                                      SHA-256:D587CEC944023447DC91BC5F71E2291711BA5ADD337464837909A26F34BC5A06
                                                                                                                                                                                                                                                                                                                                                                                      SHA-512:B662414EDD6DEF8589304904263584847586ECCA0B0E6296FB3ADB2192D92FB48697C99BD27C4375D192150E3F99102702AF2391117FFF50A9763C74C193D798
                                                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                                                      Preview:{"schema":6,"addons":[]}
                                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                      File Type:SQLite 3.x database, user version 5, last written using SQLite version 3042000, page size 32768, file counter 5, database pages 8, cookie 0x6, schema 4, largest root page 8, UTF-8, vacuum mode 1, version-valid-for 5
                                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):262144
                                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):0.04905391753567332
                                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:24:DLivwae+Q8Uu50xj0aWe9LxYkKA25Q5tvAA:D6wae+QtMImelekKDa5
                                                                                                                                                                                                                                                                                                                                                                                      MD5:DD9D28E87ED57D16E65B14501B4E54D1
                                                                                                                                                                                                                                                                                                                                                                                      SHA1:793839B47326441BE2D1336BA9A61C9B948C578D
                                                                                                                                                                                                                                                                                                                                                                                      SHA-256:BB4E6C58C50BD6399ED70468C02B584595C29F010B66F864CD4D6B427FA365BC
                                                                                                                                                                                                                                                                                                                                                                                      SHA-512:A2626F6A3CBADE62E38DA5987729D99830D0C6AA134D4A9E615026A5F18ACBB11A2C3C80917DAD76DA90ED5BAA9B0454D4A3C2DD04436735E78C974BA1D035B1
                                                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                                                      Preview:SQLite format 3......@ ..........................................................................j......|....~.}.}z}-|.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                      File Type:Mozilla lz4 compressed data, originally 56 bytes
                                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):66
                                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.837595020998689
                                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:3:3fX/xH8IXl/I3v0lb7iioW:vXpH1RPXt
                                                                                                                                                                                                                                                                                                                                                                                      MD5:A6338865EB252D0EF8FCF11FA9AF3F0D
                                                                                                                                                                                                                                                                                                                                                                                      SHA1:CECDD4C4DCAE10C2FFC8EB938121B6231DE48CD3
                                                                                                                                                                                                                                                                                                                                                                                      SHA-256:078648C042B9B08483CE246B7F01371072541A2E90D1BEB0C8009A6118CBD965
                                                                                                                                                                                                                                                                                                                                                                                      SHA-512:D950227AC83F4E8246D73F9F35C19E88CE65D0CA5F1EF8CCBB02ED6EFC66B1B7E683E2BA0200279D7CA4B49831FD8C3CEB0584265B10ACCFF2611EC1CA8C0C6C
                                                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                                                      Preview:mozLz40.8.....{"v":1,"crashes":{},"countsByDay....rruptDate":null}
                                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                      File Type:Mozilla lz4 compressed data, originally 56 bytes
                                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):66
                                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.837595020998689
                                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:3:3fX/xH8IXl/I3v0lb7iioW:vXpH1RPXt
                                                                                                                                                                                                                                                                                                                                                                                      MD5:A6338865EB252D0EF8FCF11FA9AF3F0D
                                                                                                                                                                                                                                                                                                                                                                                      SHA1:CECDD4C4DCAE10C2FFC8EB938121B6231DE48CD3
                                                                                                                                                                                                                                                                                                                                                                                      SHA-256:078648C042B9B08483CE246B7F01371072541A2E90D1BEB0C8009A6118CBD965
                                                                                                                                                                                                                                                                                                                                                                                      SHA-512:D950227AC83F4E8246D73F9F35C19E88CE65D0CA5F1EF8CCBB02ED6EFC66B1B7E683E2BA0200279D7CA4B49831FD8C3CEB0584265B10ACCFF2611EC1CA8C0C6C
                                                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                                                      Preview:mozLz40.8.....{"v":1,"crashes":{},"countsByDay....rruptDate":null}
                                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):36830
                                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.185924656884556
                                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:768:wI43DvfWXf4E6C4p4EC4Y4QfEWvM4B4QS4z4444XQ4U:wUfdvk
                                                                                                                                                                                                                                                                                                                                                                                      MD5:5656BA69BD2966108A461AAE35F60226
                                                                                                                                                                                                                                                                                                                                                                                      SHA1:9C2E5AE52D82CEA43C4A5FFF205A7700CF54D61C
                                                                                                                                                                                                                                                                                                                                                                                      SHA-256:587596712960B26EAC18CB354CCD633FFDB218E374A9D59EFEA843914D7AB299
                                                                                                                                                                                                                                                                                                                                                                                      SHA-512:38F715AD9156558B5D57CA2E75FB0FFE0C5C6728BD94484B8F15E090120DDD02DCE42DBC9CC7143AD6552460A5F3A40E577FAF1D76D5D40B25CDBE636F250054
                                                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                                                      Preview:{"schemaVersion":35,"addons":[{"id":"formautofill@mozilla.org","syncGUID":"{60024e8e-cfd0-41e5-965d-7128c7dcf0e8}","version":"1.0.1","type":"extension","loader":null,"updateURL":null,"installOrigins":null,"manifestVersion":2,"optionsURL":null,"optionsType":null,"optionsBrowserStyle":true,"aboutURL":null,"defaultLocale":{"name":"Form Autofill","creator":null,"developers":null,"translators":null,"contributors":null},"visible":true,"active":true,"userDisabled":false,"appDisabled":false,"embedderDisabled":false,"installDate":1695865283000,"updateDate":1695865283000,"applyBackgroundUpdates":1,"path":"C:\\Program Files\\Mozilla Firefox\\browser\\features\\formautofill@mozilla.org.xpi","skinnable":false,"sourceURI":null,"releaseNotesURI":null,"softDisabled":false,"foreignInstall":false,"strictCompatibility":true,"locales":[],"targetApplications":[{"id":"toolkit@mozilla.org","minVersion":null,"maxVersion":null}],"targetPlatforms":[],"signedDate":null,"seen":true,"dependencies":[],"incognito":"
                                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):36830
                                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.185924656884556
                                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:768:wI43DvfWXf4E6C4p4EC4Y4QfEWvM4B4QS4z4444XQ4U:wUfdvk
                                                                                                                                                                                                                                                                                                                                                                                      MD5:5656BA69BD2966108A461AAE35F60226
                                                                                                                                                                                                                                                                                                                                                                                      SHA1:9C2E5AE52D82CEA43C4A5FFF205A7700CF54D61C
                                                                                                                                                                                                                                                                                                                                                                                      SHA-256:587596712960B26EAC18CB354CCD633FFDB218E374A9D59EFEA843914D7AB299
                                                                                                                                                                                                                                                                                                                                                                                      SHA-512:38F715AD9156558B5D57CA2E75FB0FFE0C5C6728BD94484B8F15E090120DDD02DCE42DBC9CC7143AD6552460A5F3A40E577FAF1D76D5D40B25CDBE636F250054
                                                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                                                      Preview:{"schemaVersion":35,"addons":[{"id":"formautofill@mozilla.org","syncGUID":"{60024e8e-cfd0-41e5-965d-7128c7dcf0e8}","version":"1.0.1","type":"extension","loader":null,"updateURL":null,"installOrigins":null,"manifestVersion":2,"optionsURL":null,"optionsType":null,"optionsBrowserStyle":true,"aboutURL":null,"defaultLocale":{"name":"Form Autofill","creator":null,"developers":null,"translators":null,"contributors":null},"visible":true,"active":true,"userDisabled":false,"appDisabled":false,"embedderDisabled":false,"installDate":1695865283000,"updateDate":1695865283000,"applyBackgroundUpdates":1,"path":"C:\\Program Files\\Mozilla Firefox\\browser\\features\\formautofill@mozilla.org.xpi","skinnable":false,"sourceURI":null,"releaseNotesURI":null,"softDisabled":false,"foreignInstall":false,"strictCompatibility":true,"locales":[],"targetApplications":[{"id":"toolkit@mozilla.org","minVersion":null,"maxVersion":null}],"targetPlatforms":[],"signedDate":null,"seen":true,"dependencies":[],"incognito":"
                                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):32768
                                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):0.017262956703125623
                                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
                                                                                                                                                                                                                                                                                                                                                                                      MD5:B7C14EC6110FA820CA6B65F5AEC85911
                                                                                                                                                                                                                                                                                                                                                                                      SHA1:608EEB7488042453C9CA40F7E1398FC1A270F3F4
                                                                                                                                                                                                                                                                                                                                                                                      SHA-256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
                                                                                                                                                                                                                                                                                                                                                                                      SHA-512:D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
                                                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                                                      Preview:..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):1021904
                                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):6.648417932394748
                                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:12288:vYLdTfFKbNSjv92eFN+3wH+NYriA0Iq6lh6VawYIpAvwHN/Uf1h47HAfg1oet:vYLdTZ923NYrjwNpgwef1hzfg1x
                                                                                                                                                                                                                                                                                                                                                                                      MD5:FE3355639648C417E8307C6D051E3E37
                                                                                                                                                                                                                                                                                                                                                                                      SHA1:F54602D4B4778DA21BC97C7238FC66AA68C8EE34
                                                                                                                                                                                                                                                                                                                                                                                      SHA-256:1ED7877024BE63A049DA98733FD282C16BD620530A4FB580DACEC3A78ACE914E
                                                                                                                                                                                                                                                                                                                                                                                      SHA-512:8F4030BB2464B98ECCBEA6F06EB186D7216932702D94F6B84C56419E9CF65A18309711AB342D1513BF85AED402BC3535A70DB4395874828F0D35C278DD2EAC9C
                                                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                                                                      • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox View:
                                                                                                                                                                                                                                                                                                                                                                                      • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                                                      • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                                                      • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                                                      • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                                                      • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                                                      • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                                                      • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                                                      • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                                                      • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......NH...)...)...)..eM...)..eM...)..eM..)..eM...)...)..i)..XA...)..XA..;)..XA...)...)..g)..cA...)..cA...)..Rich.)..........PE..d....z\.........." .....t................................................................`.........................................P...,...|...(............P...H...z.................T...........................0...................p............................text...$s.......t.................. ..`.rdata...~...........x..............@..@.data....3..........................@....pdata...H...P...J..................@..@.rodata..............^..............@..@.reloc...............j..............@..B........................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):1021904
                                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):6.648417932394748
                                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:12288:vYLdTfFKbNSjv92eFN+3wH+NYriA0Iq6lh6VawYIpAvwHN/Uf1h47HAfg1oet:vYLdTZ923NYrjwNpgwef1hzfg1x
                                                                                                                                                                                                                                                                                                                                                                                      MD5:FE3355639648C417E8307C6D051E3E37
                                                                                                                                                                                                                                                                                                                                                                                      SHA1:F54602D4B4778DA21BC97C7238FC66AA68C8EE34
                                                                                                                                                                                                                                                                                                                                                                                      SHA-256:1ED7877024BE63A049DA98733FD282C16BD620530A4FB580DACEC3A78ACE914E
                                                                                                                                                                                                                                                                                                                                                                                      SHA-512:8F4030BB2464B98ECCBEA6F06EB186D7216932702D94F6B84C56419E9CF65A18309711AB342D1513BF85AED402BC3535A70DB4395874828F0D35C278DD2EAC9C
                                                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                                                                      • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox View:
                                                                                                                                                                                                                                                                                                                                                                                      • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                                                      • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                                                      • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                                                      • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                                                      • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                                                      • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                                                      • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                                                      • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                                                      • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......NH...)...)...)..eM...)..eM...)..eM..)..eM...)...)..i)..XA...)..XA..;)..XA...)...)..g)..cA...)..cA...)..Rich.)..........PE..d....z\.........." .....t................................................................`.........................................P...,...|...(............P...H...z.................T...........................0...................p............................text...$s.......t.................. ..`.rdata...~...........x..............@..@.data....3..........................@....pdata...H...P...J..................@..@.rodata..............^..............@..@.reloc...............j..............@..B........................................................................................................................................................................................................................................................
Process: C:\Program Files\Mozilla Firefox\firefox.exe
File Type: ASCII text
Category: dropped
Size (bytes): 116
Entropy (8bit): 4.968220104601006
Encrypted: false
SSDEEP: 3:C3OuN9RAM7VDXcEzq+rEakOvTMBv+FdBAIABv+FEn:0BDUmHlvAWeWEn
MD5: 3D33CDC0B3D281E67DD52E14435DD04F
SHA1: 4DB88689282FD4F9E9E6AB95FCBB23DF6E6485DB
SHA-256: F526E9F98841D987606EFEAFF7F3E017BA9FD516C4BE83890C7F9A093EA4C47B
SHA-512: A4A96743332CC8EF0F86BC2E6122618BFC75ED46781DADBAC9E580CD73DF89E74738638A2CCCB4CAA4CBBF393D771D7F2C73F825737CDB247362450A0D4A4BC1
Malicious: false
Preview: Name: gmpopenh264.Description: GMP Plugin for OpenH264..Version: 1.8.1.APIs: encode-video[h264], decode-video[h264].
Process: C:\Program Files\Mozilla Firefox\firefox.exe
File Type: SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, file counter 4, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 4
Category: dropped
Size (bytes): 98304
Entropy (8bit): 0.07330342605310723
Encrypted: false
SSDEEP: 12:DBl/A0OWla0mwPxRymgObsCVR45wcYR4fmnsCVR4zki:DLhesh7Owd4+ji
MD5: 480E2615CA7E2D1F715C1D16F44AEA95
SHA1: 72ED7FDA4C37FE687D0D3C60D12F50BD7E16F1DA
SHA-256: 48B0FED14D20379F12830274F70780668E41D03C7BEA0B8D1E94871BD33D3FB0
SHA-512: BC1C10B2A535CBCB997CC4A1DE27927186A51C8593076A029F91062F72572B619C50A2DF6A56ADD75687F362A2A441A39B6BE970FBAF5515846050715312C879
Malicious: false
Process: C:\Program Files\Mozilla Firefox\firefox.exe
File Type: data
Category: dropped
Size (bytes): 32768
Entropy (8bit): 0.039545238451853294
Encrypted: false
SSDEEP: 3:GHlhVOR9I0C8n9HalhVOR9I0C8nll//ol8a9//Ylll4llqlyllel4lt:G7VObI0/9HeVObI0/lloL9XIwlio
MD5: 85A0E4B91E8B7E7CC493FF1EC5408D52
SHA1: D9D14C2AA8C115055CA0757017DAA12623D3DC53
SHA-256: 254B542209717B677B9448B2A7E9778D833143DAF61B93E56ABEC2F945C6A940
SHA-512: B084BA0855933F015E52B548A8B72E96D783B27E584BC5E99EFCC1E8F9AB376E8F36C077FCDEA60B6FDB0C150A39E4407797D1B8AF5C2894FAE89DFE129282EF
Malicious: false
Process: C:\Program Files\Mozilla Firefox\firefox.exe
File Type: SQLite Write-Ahead Log, version 3007000
Category: dropped
Size (bytes): 163992
Entropy (8bit): 0.11816593111631142
Encrypted: false
SSDEEP: 24:KmyBfkULxsZ+YUjxsMltTAUCF2QWUCZ7CCQE/TKCbCMxsaxdIwlOVZ2i7+:6BMAQPCJtUnWdU+RVxdZGZk
MD5: 7C947A86A0C46A30C53891EA064FD04C
SHA1: BEDD7FD8A6DA281FE43859DA1CF221983ECAF99C
SHA-256: B26E220FAB00D719A6532EF4B459E19575A5730E053F325BF706C8B78A371661
SHA-512: 7A3CA5BD8C59E48698AE251E8D6CEEA6FC8FACEA33486911505C7175134BA46D4953CDD08CB666AAA941EEFB023A0341DF3AEBE241A5B3528426E4BF13E64A14
Malicious: false
Process: C:\Program Files\Mozilla Firefox\firefox.exe
File Type: ASCII text, with very long lines (1809), with CRLF line terminators
Category: dropped
Size (bytes): 13254
Entropy (8bit): 5.4948009415116115
Encrypted: false
SSDEEP: 192:4naRtLYbBp6hhj4qyaaXz6KZNTNlwN5RfGNBw8ddSl:1ezqxyNp2cwe0
MD5: 56F15454CE11EBEAD62DF1A59211870B
SHA1: A80B9B6CE67FD997E67164C2621B03B0BA9ED722
                                                                                                                                                                                                                                                                                                                                                                                      SHA-256:FDF749B6D94DBBFFFE93BC456B4E1AA91E4A6DACB80E776F78371AD7708A228E
                                                                                                                                                                                                                                                                                                                                                                                      SHA-512:2D71A384FC12A04A685D31F2DEB68F1A862E544C1E6B6B58F09E0B0359F8F8750D4A7F8F034B1EF534A603A5E036517DC9AD23CE1F73CBC5F81B5900F1084F8D
                                                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                                                      Preview:// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "57f16a19-e119-4073-bf01-28f88011f783");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.backgroundErrors", 2);..user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1732074436);..user_pref("app.update.lastUpdateTime.background-update-timer", 1732074436);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 1732074436);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 173207
                                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                      File Type:ASCII text, with very long lines (1809), with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):13254
                                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.4948009415116115
                                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:192:4naRtLYbBp6hhj4qyaaXz6KZNTNlwN5RfGNBw8ddSl:1ezqxyNp2cwe0
                                                                                                                                                                                                                                                                                                                                                                                      MD5:56F15454CE11EBEAD62DF1A59211870B
                                                                                                                                                                                                                                                                                                                                                                                      SHA1:A80B9B6CE67FD997E67164C2621B03B0BA9ED722
                                                                                                                                                                                                                                                                                                                                                                                      SHA-256:FDF749B6D94DBBFFFE93BC456B4E1AA91E4A6DACB80E776F78371AD7708A228E
                                                                                                                                                                                                                                                                                                                                                                                      SHA-512:2D71A384FC12A04A685D31F2DEB68F1A862E544C1E6B6B58F09E0B0359F8F8750D4A7F8F034B1EF534A603A5E036517DC9AD23CE1F73CBC5F81B5900F1084F8D
                                                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                                                      Preview:// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "57f16a19-e119-4073-bf01-28f88011f783");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.backgroundErrors", 2);..user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1732074436);..user_pref("app.update.lastUpdateTime.background-update-timer", 1732074436);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 1732074436);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 173207
                                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                      File Type:SQLite 3.x database, user version 1, last written using SQLite version 3042000, page size 32768, file counter 5, database pages 2, cookie 0x1, schema 4, UTF-8, version-valid-for 5
                                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):65536
                                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):0.04062825861060003
                                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:6:ltBl/l4/WN1h4BEJYqWvLue3FMOrMZ0l:DBl/WuntfJiFxMZO
                                                                                                                                                                                                                                                                                                                                                                                      MD5:18F65713B07CB441E6A98655B726D098
                                                                                                                                                                                                                                                                                                                                                                                      SHA1:2CEFA32BC26B25BE81C411B60C9925CB0F1F8F88
                                                                                                                                                                                                                                                                                                                                                                                      SHA-256:B6C268E48546B113551A5AF9CA86BB6A462A512DE6C9289315E125CEB0FD8621
                                                                                                                                                                                                                                                                                                                                                                                      SHA-512:A6871076C7D7ED53B630F9F144ED04303AD54A2E60B94ECA2AA96964D1AB375EEFDCA86CE0D3EB0E9DBB81470C6BD159877125A080C95EB17E54A52427F805FB
                                                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                                                      Preview:SQLite format 3......@ ..........................................................................j.......x..x..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):493
                                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.963645771631291
                                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:12:YZFgRCu+bYZIVHlW8cOlZGV1AQIYzvZcyBuLZ2d:YCCuCgSlCOlZGV1AQIWZcy6Z2d
                                                                                                                                                                                                                                                                                                                                                                                      MD5:73C82F80C6703EA68186D1BC610F4BE9
                                                                                                                                                                                                                                                                                                                                                                                      SHA1:9A60FE29F1102C7B9A22AAF8A3F29AF235D71830
                                                                                                                                                                                                                                                                                                                                                                                      SHA-256:72B7773C7C3C5BB2025E2CFB476D19F469DC331AF28CF9381BA81FA67CE12192
                                                                                                                                                                                                                                                                                                                                                                                      SHA-512:A506A95B54764A898CAD5CC7BB214DEDB0F63CDBDCEE2A09E9218DB63A9484C9F5B6C9BF5C279DB02AC8859FE39DCEE564A6AE7F54A38610C944EE3E03FBF6C8
                                                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                                                      Preview:{"type":"health","id":"d8c9da24-7c76-4f3a-80ec-6fcf5e5d0510","creationDate":"2024-11-20T03:47:45.916Z","version":4,"application":{"architecture":"x86-64","buildId":"20230927232528","name":"Firefox","version":"118.0.1","displayVersion":"118.0.1","vendor":"Mozilla","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","channel":"release"},"payload":{"os":{"name":"WINNT","version":"10.0"},"reason":"immediate","sendFailure":{"eUnreachable":1}},"clientId":"65e71c9e-6ac3-4903-9066-b134350de32c"}
                                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                                                      Category:modified
                                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):493
                                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.963645771631291
                                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:12:YZFgRCu+bYZIVHlW8cOlZGV1AQIYzvZcyBuLZ2d:YCCuCgSlCOlZGV1AQIWZcy6Z2d
                                                                                                                                                                                                                                                                                                                                                                                      MD5:73C82F80C6703EA68186D1BC610F4BE9
                                                                                                                                                                                                                                                                                                                                                                                      SHA1:9A60FE29F1102C7B9A22AAF8A3F29AF235D71830
                                                                                                                                                                                                                                                                                                                                                                                      SHA-256:72B7773C7C3C5BB2025E2CFB476D19F469DC331AF28CF9381BA81FA67CE12192
                                                                                                                                                                                                                                                                                                                                                                                      SHA-512:A506A95B54764A898CAD5CC7BB214DEDB0F63CDBDCEE2A09E9218DB63A9484C9F5B6C9BF5C279DB02AC8859FE39DCEE564A6AE7F54A38610C944EE3E03FBF6C8
                                                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                                                      Preview:{"type":"health","id":"d8c9da24-7c76-4f3a-80ec-6fcf5e5d0510","creationDate":"2024-11-20T03:47:45.916Z","version":4,"application":{"architecture":"x86-64","buildId":"20230927232528","name":"Firefox","version":"118.0.1","displayVersion":"118.0.1","vendor":"Mozilla","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","channel":"release"},"payload":{"os":{"name":"WINNT","version":"10.0"},"reason":"immediate","sendFailure":{"eUnreachable":1}},"clientId":"65e71c9e-6ac3-4903-9066-b134350de32c"}
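The entries above are all written by firefox.exe rather than by the sample: a Mozilla user-preferences file, a near-empty SQLite store, and a Firefox telemetry "health" ping, each marked Malicious:false. When triaging a dropped-files listing like this one it is common to re-derive the per-file fields locally, both to confirm that a recovered file is the one the report describes and to see why a 65536-byte database scores an entropy of 0.04 while the preferences file scores 5.49. The Python below is an added example written for this page, not part of the Joe Sandbox report or its tooling. It recomputes size, a coarse file(1)-style type label, 8-bit Shannon entropy, the four hashes, and an "encrypted" flag. The 300-byte "very long lines" threshold and the 7.2-bit entropy cut-off are assumptions (Joe Sandbox's own rules are not documented on this page), the SQLite, preferences and random-bytes inputs are constructed, and only the health-ping JSON is taken verbatim from the listing above.

```python
import hashlib
import json
import math
import os
from collections import Counter

SQLITE_MAGIC = b"SQLite format 3\x00"   # first 16 bytes of every SQLite 3 database
LONG_LINE_THRESHOLD = 300               # assumption: file(1)'s cut-off for "very long lines"
ENCRYPTED_ENTROPY = 7.2                 # assumption: our own cut-off, not Joe Sandbox's
_TEXT_BYTES = set(range(0x20, 0x7F)) | {0x08, 0x09, 0x0A, 0x0C, 0x0D}


def shannon_entropy(data: bytes) -> float:
    """8-bit Shannon entropy in bits per byte: 0.0 for a constant file, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def describe_type(data: bytes) -> str:
    """Coarse file(1)-style label covering the three kinds of file seen in this listing."""
    if not data:
        return "empty"
    if data.startswith(SQLITE_MAGIC):
        return "SQLite 3.x database"
    if any(b not in _TEXT_BYTES for b in data):
        return "data"                    # binary content we do not classify further
    text = data.decode("ascii")
    try:
        if isinstance(json.loads(text), (dict, list)):
            return "JSON data"
    except ValueError:                   # json.JSONDecodeError is a ValueError
        pass
    longest = max(len(line.rstrip("\r")) for line in text.split("\n"))
    label = "ASCII text"
    if longest > LONG_LINE_THRESHOLD:
        label += f", with very long lines ({longest})"
    if "\r\n" in text:
        label += ", with CRLF line terminators"
    return label


def fingerprint(data: bytes) -> dict:
    """Recompute the per-file fields the report shows (hashes upper-cased as in the report)."""
    entropy = shannon_entropy(data)
    return {
        "size": len(data),
        "file_type": describe_type(data),
        "entropy": entropy,
        # Tiny files hit high entropy by chance, so the flag needs a size floor as well.
        "encrypted": len(data) >= 256 and entropy > ENCRYPTED_ENTROPY,
        "md5": hashlib.md5(data).hexdigest().upper(),
        "sha1": hashlib.sha1(data).hexdigest().upper(),
        "sha256": hashlib.sha256(data).hexdigest().upper(),
        "sha512": hashlib.sha512(data).hexdigest().upper(),
    }


# Sample inputs. HEALTH_PING is the telemetry ping shown verbatim in the listing above;
# the other three are constructed stand-ins, not files from the report.
HEALTH_PING = b'{"type":"health","id":"d8c9da24-7c76-4f3a-80ec-6fcf5e5d0510","creationDate":"2024-11-20T03:47:45.916Z","version":4,"application":{"architecture":"x86-64","buildId":"20230927232528","name":"Firefox","version":"118.0.1","displayVersion":"118.0.1","vendor":"Mozilla","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","channel":"release"},"payload":{"os":{"name":"WINNT","version":"10.0"},"reason":"immediate","sendFailure":{"eUnreachable":1}},"clientId":"65e71c9e-6ac3-4903-9066-b134350de32c"}'
SQLITE_SAMPLE = SQLITE_MAGIC + b"\x00" * (65536 - len(SQLITE_MAGIC))   # header page, rest zero
LONG_PREF = 'user_pref("extensions.webextensions.uuids", "' + "x" * 350 + '");'
PREFS_SAMPLE = (
    "// Mozilla User Preferences\r\n"
    "// DO NOT EDIT THIS FILE\r\n"
    + LONG_PREF + "\r\n"
).encode("ascii")
RANDOM_SAMPLE = os.urandom(4096)        # stand-in for a packed or encrypted payload


if __name__ == "__main__":
    samples = [("health ping", HEALTH_PING), ("sqlite", SQLITE_SAMPLE),
               ("prefs", PREFS_SAMPLE), ("random", RANDOM_SAMPLE)]
    for name, blob in samples:
        fp = fingerprint(blob)
        print(f"{name:12} size={fp['size']:6} entropy={fp['entropy']:.4f} "
              f"encrypted={fp['encrypted']} type={fp['file_type']!r}")
        print(f"{'':12} SHA-256: {fp['sha256']}")
```

Run it and compare the health-ping line against the entry above: the size comes out at 493 bytes, the type label at JSON data, and the digests can be checked against the MD5/SHA-256 shown in the report. The zero-filled SQLite stand-in scores well under 0.01 bits per byte, lower than the report's 0.04 because the real file carries a schema page; the random sample is the only one the heuristic flags as encrypted.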
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:JSON data
Category:dropped
Size (bytes):90
Entropy (8bit):4.194538242412464
Encrypted:false
SSDEEP:3:YVXKQJAyiVLQwJtJDBA+AJ2LKZXJ3YFwHY:Y9KQOy6Lb1BA+m2L69Yr
MD5:C4AB2EE59CA41B6D6A6EA911F35BDC00
SHA1:5942CD6505FC8A9DABA403B082067E1CDEFDFBC4
SHA-256:00AD9799527C3FD21F3A85012565EAE817490F3E0D417413BF9567BB5909F6A2
SHA-512:71EA16900479E6AF161E0AAD08C8D1E9DED5868A8D848E7647272F3002E2F2013E16382B677ABE3C6F17792A26293B9E27EC78E16F00BD24BA3D21072BD1CAE2
Malicious:false
Preview:{"profile-after-change":true,"final-ui-startup":true,"sessionstore-windows-restored":true}
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:Mozilla lz4 compressed data, originally 5861 bytes
Category:dropped
Size (bytes):1573
Entropy (8bit):6.32966665594232
Encrypted:false
SSDEEP:24:v+USUGlcAxSLx2LXnIgyM/pnxQwRlszT5sKtTo3eHVQj6TSamhujJlOsIx6mNVrw:GUpOx1NnR61o3eHTS4JlGjquR4
MD5:A4D912C14D78BF30E049C3E086387254
SHA1:267E2C127A1046FABD80F9E21DA1A6805D864F5A
SHA-256:5FB62CBFA6AD5F019974E6DB73069680317F1794A270629517D1726A3A920F8D
SHA-512:FA22BC80682960F16E0A1BB70FF2642859D6CF7D4684DA1B556AABF5DFF49768293473197D01E4F8DD88B46D7DD265B771F4D1753BF716E2137A30D672A90101
Malicious:false
Preview:mozLz40.......{"version":["ses....restore",1],"windows":[{"tab..bentrie....url":"https://youtube.com/account?=.....rs.googl%...v3/signin/challenge/pwd","title[.C..cacheKey":0,"ID":6,"docshellUU...D"{5826946a-2b2c-4667-86a2-59a5edfb4e1c}","resultPrincipalURI":null,"hasUserInteracte...true,"triggering8.p_base64z..\"3\":{}^...docIdentifier":7,"persistK..+}],"lastAccessed":1732074440239,"hidden":false,"searchMode...userContextId...attribut...{},"index":1...questedI..p0,"imag....chrome://global/skin/icons/warning.svg"..aselect...,"_closedTZ.@],"_...C..`GroupCF..":-1,"busy...t...Flags":2167541758....dth":1164,"height":891,"screenX":4...Y..Aizem..."maximize......BeforeMin...&..workspace9...1a5ccf63-1000-409f-b5c1-afec7f75d4d9","zD..1...Wm..l........j..:....1":{..iUpdate...40,"startTim..P05167...centCrash..B0},".....Dcook.. hoc..."addons.mozilla.org","valu...A8bad2467092e6ddeb0dfa9e5ea54d86d26790ca7ba2ce88d10cb4604fe726755","path":"/","na..a"taarI|.Recure...,`.Donly..fexpiry...10795,"originA..
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:SQLite 3.x database, user version 131075, last written using SQLite version 3042000, page size 512, file counter 6, database pages 8, cookie 0x4, schema 4, UTF-8, version-valid-for 6
Category:dropped
Size (bytes):4096
Entropy (8bit):2.0836444556178684
Encrypted:false
SSDEEP:24:JBwdh/cEUcR9PzNFPFHx/GJRBdkOrDcRB1trwDeAq2gRMyxr3:jnEUo9LXtR+JdkOnohYsl
MD5:8B40B1534FF0F4B533AF767EB5639A05
SHA1:63EDB539EA39AD09D701A36B535C4C087AE08CC9
SHA-256:AF275A19A5C2C682139266065D90C237282274D11C5619A121B7BDBDB252861B
SHA-512:54AF707698CED33C206B1B193DA414D630901762E88E37E99885A50D4D5F8DDC28367C9B401DFE251CF0552B4FA446EE28F78A97C9096AFB0F2898BFBB673B53
Malicious:false
Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):4537
                                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.033858314599486
                                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:48:YrSAYFi6UQZpExB1+anOsW4Vh351VxWRzzc8eYMsku7f86SLAVL7if5FtsfAcbyk:ycFiyTEr5QFRzzcMvbw6KkCrrc2Rn27
                                                                                                                                                                                                                                                                                                                                                                                      MD5:D28FF6F44E3951FC6A6BF038E772E53C
                                                                                                                                                                                                                                                                                                                                                                                      SHA1:B3540EFA40050EF97734EFB967936E516118DFBF
                                                                                                                                                                                                                                                                                                                                                                                      SHA-256:406E48DB0D8A897B25913123F321F4155FC5BC7349268D0EB51EB70288154493
                                                                                                                                                                                                                                                                                                                                                                                      SHA-512:A5DA8AFE7FBFF1262954BD5AB4D2793C2501102F8D7F1BF872622B1683D84A21330D96000099C1FA5B9194CBAF905114096B43746CAF43D8C886C704DF4CC54A
                                                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                                                      Preview:{"environment":{"locale":"en-US","localeLanguageCode":"en","browserSettings":{"update":{"channel":"release","enabled":true,"autoDownload":true,"background":true}},"attributionData":{"campaign":"%2528not%2Bset%2529","content":"%2528not%2Bset%2529","dlsource":"mozorg","dltoken":"cd09ae95-e2cf-4b8b-8929-791b0dd48cdd","experiment":"%2528not%2Bset%2529","medium":"referral","source":"www.google.com","ua":"chrome","variation":"%2528not%2Bset%2529"},"currentDate":"2024-11-20T03:47:04.827Z","profileAgeCreated":1696333826043,"usesFirefoxSync":false,"isFxAEnabled":true,"isFxASignedIn":false,"sync":{"desktopDevices":0,"mobileDevices":0,"totalDevices":0},"xpinstallEnabled":true,"addonsInfo":{"addons":{"formautofill@mozilla.org":{"version":"1.0.1","type":"extension","isSystem":true,"isWebExtension":true,"name":"Form Autofill","userDisabled":false,"installDate":"2023-09-28T01:41:23.000Z"},"pictureinpicture@mozilla.org":{"version":"1.0.0","type":"extension","isSystem":true,"isWebExtension":true,"name"
                                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):4537
                                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.033858314599486
                                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:48:YrSAYFi6UQZpExB1+anOsW4Vh351VxWRzzc8eYMsku7f86SLAVL7if5FtsfAcbyk:ycFiyTEr5QFRzzcMvbw6KkCrrc2Rn27
                                                                                                                                                                                                                                                                                                                                                                                      MD5:D28FF6F44E3951FC6A6BF038E772E53C
                                                                                                                                                                                                                                                                                                                                                                                      SHA1:B3540EFA40050EF97734EFB967936E516118DFBF
                                                                                                                                                                                                                                                                                                                                                                                      SHA-256:406E48DB0D8A897B25913123F321F4155FC5BC7349268D0EB51EB70288154493
                                                                                                                                                                                                                                                                                                                                                                                      SHA-512:A5DA8AFE7FBFF1262954BD5AB4D2793C2501102F8D7F1BF872622B1683D84A21330D96000099C1FA5B9194CBAF905114096B43746CAF43D8C886C704DF4CC54A
                                                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                                                      Preview:{"environment":{"locale":"en-US","localeLanguageCode":"en","browserSettings":{"update":{"channel":"release","enabled":true,"autoDownload":true,"background":true}},"attributionData":{"campaign":"%2528not%2Bset%2529","content":"%2528not%2Bset%2529","dlsource":"mozorg","dltoken":"cd09ae95-e2cf-4b8b-8929-791b0dd48cdd","experiment":"%2528not%2Bset%2529","medium":"referral","source":"www.google.com","ua":"chrome","variation":"%2528not%2Bset%2529"},"currentDate":"2024-11-20T03:47:04.827Z","profileAgeCreated":1696333826043,"usesFirefoxSync":false,"isFxAEnabled":true,"isFxASignedIn":false,"sync":{"desktopDevices":0,"mobileDevices":0,"totalDevices":0},"xpinstallEnabled":true,"addonsInfo":{"addons":{"formautofill@mozilla.org":{"version":"1.0.1","type":"extension","isSystem":true,"isWebExtension":true,"name":"Form Autofill","userDisabled":false,"installDate":"2023-09-28T01:41:23.000Z"},"pictureinpicture@mozilla.org":{"version":"1.0.0","type":"extension","isSystem":true,"isWebExtension":true,"name"
                                                                                                                                                                                                                                                                                                                                                                                      File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):6.591577938423089
                                                                                                                                                                                                                                                                                                                                                                                      TrID:
                                                                                                                                                                                                                                                                                                                                                                                      • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                                                                                                                                                                                                                                                      • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                                                                                                                                                                                                                      • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                                                                                                                                                                                                                                      • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                                                                                                                                                                                                      File name:file.exe
                                                                                                                                                                                                                                                                                                                                                                                      File size:922'112 bytes
                                                                                                                                                                                                                                                                                                                                                                                      MD5:5ddbda8baef12cdd69941b253fee8aec
                                                                                                                                                                                                                                                                                                                                                                                      SHA1:57e7be2b1a5a94a521da718c857cc47de4ca51de
                                                                                                                                                                                                                                                                                                                                                                                      SHA256:eb24498db31fab6a17b5b5c1eee0e87f46c324b74edc6b76db8ed4c0c66dcdd8
                                                                                                                                                                                                                                                                                                                                                                                      SHA512:648e76c6cf42268166e57afa3f9a7b5dadd5ac63eb13898e12098b173eb27b726cf7624b01b0404b3f73bf54d96595c21c2a2e4a991604c76d5aa83bcd32f139
                                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:12288:8qDEvFo+yo4DdbbMWu/jrQu4M9lBAlKhQcDGB3cuBNGE6iOrpfe4JdaDgaaTJ:8qDEvCTbMWu7rQYlBQcBiT6rprG8aqJ
                                                                                                                                                                                                                                                                                                                                                                                      TLSH:4A159E0273D1C062FF9B92334B5AF6515BBC69260123E61F13A81DB9BE701B1563E7A3
                                                                                                                                                                                                                                                                                                                                                                                      File Content Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......................j:......j:..C...j:......@.*...............................n.......~.............{.......{.......{.........z....
                                                                                                                                                                                                                                                                                                                                                                                      Icon Hash:aaf3e3e3938382a0
                                                                                                                                                                                                                                                                                                                                                                                      Entrypoint:0x420577
                                                                                                                                                                                                                                                                                                                                                                                      Entrypoint Section:.text
                                                                                                                                                                                                                                                                                                                                                                                      Digitally signed:false
                                                                                                                                                                                                                                                                                                                                                                                      Imagebase:0x400000
                                                                                                                                                                                                                                                                                                                                                                                      Subsystem:windows gui
                                                                                                                                                                                                                                                                                                                                                                                      Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                                                                                                                                                                                                                                                                                                                                                                                      DLL Characteristics:DYNAMIC_BASE, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                                                                                                                                                                                                      Time Stamp:0x673D467A [Wed Nov 20 02:16:26 2024 UTC]
                                                                                                                                                                                                                                                                                                                                                                                      TLS Callbacks:
                                                                                                                                                                                                                                                                                                                                                                                      CLR (.Net) Version:
                                                                                                                                                                                                                                                                                                                                                                                      OS Version Major:5
                                                                                                                                                                                                                                                                                                                                                                                      OS Version Minor:1
                                                                                                                                                                                                                                                                                                                                                                                      File Version Major:5
                                                                                                                                                                                                                                                                                                                                                                                      File Version Minor:1
                                                                                                                                                                                                                                                                                                                                                                                      Subsystem Version Major:5
                                                                                                                                                                                                                                                                                                                                                                                      Subsystem Version Minor:1
                                                                                                                                                                                                                                                                                                                                                                                      Import Hash:948cc502fe9226992dce9417f952fce3
                                                                                                                                                                                                                                                                                                                                                                                      Instruction
Programming Language:
• [ C ] VS2008 SP1 build 30729
• [IMP] VS2008 SP1 build 30729
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xc8e64 | 0x17c | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xd4000 | 0xa7bc | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xdf000 | 0x7594 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0xb0ff0 | 0x1c | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0xc3400 | 0x18 | .rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0xb1010 | 0x40 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x9c000 | 0x894 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x9ab1d | 0x9ac00 | 0a1473f3064dcbc32ef93c5c8a90f3a6 | False | 0.565500681542811 | data | 6.668273581389308 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x9c000 | 0x2fb82 | 0x2fc00 | c9cf2468b60bf4f80f136ed54b3989fb | False | 0.35289185209424084 | data | 5.691811547483722 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0xcc000 | 0x706c | 0x4800 | 53b9025d545d65e23295e30afdbd16d9 | False | 0.04356553819444445 | DOS executable (block device driver @\273\) | 0.5846666986982398 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0xd4000 | 0xa7bc | 0xa800 | 3cfdcfc5655279ca36b84d7865e0f25a | False | 0.3692103794642857 | data | 5.611118100215927 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0xdf000 | 0x7594 | 0x7600 | c68ee8931a32d45eb82dc450ee40efc3 | False | 0.7628111758474576 | data | 6.7972128181359786 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0xd45a8 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.7466216216216216
RT_ICON | 0xd46d0 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128, 16 important colors | English | Great Britain | 0.3277027027027027
RT_ICON | 0xd47f8 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.3885135135135135
RT_ICON | 0xd4920 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 0 | English | Great Britain | 0.3333333333333333
RT_ICON | 0xd4c08 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 0 | English | Great Britain | 0.5
RT_ICON | 0xd4d30 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | English | Great Britain | 0.2835820895522388
RT_ICON | 0xd5bd8 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | English | Great Britain | 0.37906137184115524
RT_ICON | 0xd6480 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | English | Great Britain | 0.23699421965317918
RT_ICON | 0xd69e8 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | English | Great Britain | 0.13858921161825727
RT_ICON | 0xd8f90 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | English | Great Britain | 0.25070356472795496
RT_ICON | 0xda038 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | English | Great Britain | 0.3173758865248227
RT_MENU | 0xda4a0 | 0x50 | data | English | Great Britain | 0.9
RT_STRING | 0xda4f0 | 0x594 | data | English | Great Britain | 0.3333333333333333
RT_STRING | 0xdaa84 | 0x68a | data | English | Great Britain | 0.2735961768219833
RT_STRING | 0xdb110 | 0x490 | data | English | Great Britain | 0.3715753424657534
RT_STRING | 0xdb5a0 | 0x5fc | data | English | Great Britain | 0.3087467362924282
RT_STRING | 0xdbb9c | 0x65c | data | English | Great Britain | 0.34336609336609336
RT_STRING | 0xdc1f8 | 0x466 | data | English | Great Britain | 0.3605683836589698
RT_STRING | 0xdc660 | 0x158 | Matlab v4 mat-file (little endian) n, numeric, rows 0, columns 0 | English | Great Britain | 0.502906976744186
RT_RCDATA | 0xdc7b8 | 0x1a84 | data | | | 1.0016205067766648
RT_GROUP_ICON | 0xde23c | 0x76 | data | English | Great Britain | 0.6610169491525424
RT_GROUP_ICON | 0xde2b4 | 0x14 | data | English | Great Britain | 1.25
RT_GROUP_ICON | 0xde2c8 | 0x14 | data | English | Great Britain | 1.15
RT_GROUP_ICON | 0xde2dc | 0x14 | data | English | Great Britain | 1.25
RT_VERSION | 0xde2f0 | 0xdc | data | English | Great Britain | 0.6181818181818182
RT_MANIFEST | 0xde3cc | 0x3ef | ASCII text, with CRLF line terminators | English | Great Britain | 0.5074478649453823
DLL | Import
WSOCK32.dll | gethostbyname, recv, send, socket, inet_ntoa, setsockopt, ntohs, WSACleanup, WSAStartup, sendto, htons, __WSAFDIsSet, select, accept, listen, bind, inet_addr, ioctlsocket, recvfrom, WSAGetLastError, closesocket, gethostname, connect
VERSION.dll | GetFileVersionInfoW, VerQueryValueW, GetFileVersionInfoSizeW
WINMM.dll | timeGetTime, waveOutSetVolume, mciSendStringW
COMCTL32.dll | ImageList_ReplaceIcon, ImageList_Destroy, ImageList_Remove, ImageList_SetDragCursorImage, ImageList_BeginDrag, ImageList_DragEnter, ImageList_DragLeave, ImageList_EndDrag, ImageList_DragMove, InitCommonControlsEx, ImageList_Create
MPR.dll | WNetGetConnectionW, WNetCancelConnection2W, WNetUseConnectionW, WNetAddConnection2W
WININET.dll | HttpOpenRequestW, InternetCloseHandle, InternetOpenW, InternetSetOptionW, InternetCrackUrlW, HttpQueryInfoW, InternetQueryOptionW, InternetConnectW, HttpSendRequestW, FtpOpenFileW, FtpGetFileSize, InternetOpenUrlW, InternetReadFile, InternetQueryDataAvailable
PSAPI.DLL | GetProcessMemoryInfo
IPHLPAPI.DLL | IcmpSendEcho, IcmpCloseHandle, IcmpCreateFile
USERENV.dll | DestroyEnvironmentBlock, LoadUserProfileW, CreateEnvironmentBlock, UnloadUserProfile
UxTheme.dll | IsThemeActive
KERNEL32.dll | DuplicateHandle, CreateThread, WaitForSingleObject, HeapAlloc, GetProcessHeap, HeapFree, Sleep, GetCurrentThreadId, MultiByteToWideChar, MulDiv, GetVersionExW, IsWow64Process, GetSystemInfo, FreeLibrary, LoadLibraryA, GetProcAddress, SetErrorMode, GetModuleFileNameW, WideCharToMultiByte, lstrcpyW, lstrlenW, GetModuleHandleW, QueryPerformanceCounter, VirtualFreeEx, OpenProcess, VirtualAllocEx, WriteProcessMemory, ReadProcessMemory, CreateFileW, SetFilePointerEx, SetEndOfFile, ReadFile, WriteFile, FlushFileBuffers, TerminateProcess, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, SetFileTime, GetFileAttributesW, FindFirstFileW, FindClose, GetLongPathNameW, GetShortPathNameW, DeleteFileW, IsDebuggerPresent, CopyFileExW, MoveFileW, CreateDirectoryW, RemoveDirectoryW, SetSystemPowerState, QueryPerformanceFrequency, LoadResource, LockResource, SizeofResource, OutputDebugStringW, GetTempPathW, GetTempFileNameW, DeviceIoControl, LoadLibraryW, GetLocalTime, CompareStringW, GetCurrentThread, EnterCriticalSection, LeaveCriticalSection, GetStdHandle, CreatePipe, InterlockedExchange, TerminateThread, LoadLibraryExW, FindResourceExW, CopyFileW, VirtualFree, FormatMessageW, GetExitCodeProcess, GetPrivateProfileStringW, WritePrivateProfileStringW, GetPrivateProfileSectionW, WritePrivateProfileSectionW, GetPrivateProfileSectionNamesW, FileTimeToLocalFileTime, FileTimeToSystemTime, SystemTimeToFileTime, LocalFileTimeToFileTime, GetDriveTypeW, GetDiskFreeSpaceExW, GetDiskFreeSpaceW, GetVolumeInformationW, SetVolumeLabelW, CreateHardLinkW, SetFileAttributesW, CreateEventW, SetEvent, GetEnvironmentVariableW, SetEnvironmentVariableW, GlobalLock, GlobalUnlock, GlobalAlloc, GetFileSize, GlobalFree, GlobalMemoryStatusEx, Beep, GetSystemDirectoryW, HeapReAlloc, HeapSize, GetComputerNameW, GetWindowsDirectoryW, GetCurrentProcessId, GetProcessIoCounters, CreateProcessW, GetProcessId, SetPriorityClass, VirtualAlloc, GetCurrentDirectoryW, lstrcmpiW, DecodePointer, GetLastError, RaiseException, InitializeCriticalSectionAndSpinCount, DeleteCriticalSection, InterlockedDecrement, InterlockedIncrement, ResetEvent, WaitForSingleObjectEx, IsProcessorFeaturePresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, CloseHandle, GetFullPathNameW, GetStartupInfoW, GetSystemTimeAsFileTime, InitializeSListHead, RtlUnwind, SetLastError, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, EncodePointer, ExitProcess, GetModuleHandleExW, ExitThread, ResumeThread, FreeLibraryAndExitThread, GetACP, GetDateFormatW, GetTimeFormatW, LCMapStringW, GetStringTypeW, GetFileType, SetStdHandle, GetConsoleCP, GetConsoleMode, ReadConsoleW, GetTimeZoneInformation, FindFirstFileExW, IsValidCodePage, GetOEMCP, GetCPInfo, GetCommandLineA, GetCommandLineW, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetEnvironmentVariableA, SetCurrentDirectoryW, FindNextFileW, WriteConsoleW
USER32.dll | GetKeyboardLayoutNameW, IsCharAlphaW, IsCharAlphaNumericW, IsCharLowerW, IsCharUpperW, GetMenuStringW, GetSubMenu, GetCaretPos, IsZoomed, GetMonitorInfoW, SetWindowLongW, SetLayeredWindowAttributes, FlashWindow, GetClassLongW, TranslateAcceleratorW, IsDialogMessageW, GetSysColor, InflateRect, DrawFocusRect, DrawTextW, FrameRect, DrawFrameControl, FillRect, PtInRect, DestroyAcceleratorTable, CreateAcceleratorTableW, SetCursor, GetWindowDC, GetSystemMetrics, GetActiveWindow, CharNextW, wsprintfW, RedrawWindow, DrawMenuBar, DestroyMenu, SetMenu, GetWindowTextLengthW, CreateMenu, IsDlgButtonChecked, DefDlgProcW, CallWindowProcW, ReleaseCapture, SetCapture, PeekMessageW, GetInputState, UnregisterHotKey, CharLowerBuffW, MonitorFromPoint, MonitorFromRect, LoadImageW, mouse_event, ExitWindowsEx, SetActiveWindow, FindWindowExW, EnumThreadWindows, SetMenuDefaultItem, InsertMenuItemW, IsMenu, ClientToScreen, GetCursorPos, DeleteMenu, CheckMenuRadioItem, GetMenuItemID, GetMenuItemCount, SetMenuItemInfoW, GetMenuItemInfoW, SetForegroundWindow, IsIconic, FindWindowW, SystemParametersInfoW, LockWindowUpdate, SendInput, GetAsyncKeyState, SetKeyboardState, GetKeyboardState, GetKeyState, VkKeyScanW, LoadStringW, DialogBoxParamW, MessageBeep, EndDialog, SendDlgItemMessageW, GetDlgItem, SetWindowTextW, CopyRect, ReleaseDC, GetDC, EndPaint, BeginPaint, GetClientRect, GetMenu, DestroyWindow, EnumWindows, GetDesktopWindow, IsWindow, IsWindowEnabled, IsWindowVisible, EnableWindow, InvalidateRect, GetWindowLongW, GetWindowThreadProcessId, AttachThreadInput, GetFocus, GetWindowTextW, SendMessageTimeoutW, EnumChildWindows, CharUpperBuffW, GetClassNameW, GetParent, GetDlgCtrlID, SendMessageW, MapVirtualKeyW, PostMessageW, GetWindowRect, SetUserObjectSecurity, CloseDesktop, CloseWindowStation, OpenDesktopW, RegisterHotKey, GetCursorInfo, SetWindowPos, CopyImage, AdjustWindowRectEx, SetRect, SetClipboardData, EmptyClipboard, CountClipboardFormats, CloseClipboard, GetClipboardData, IsClipboardFormatAvailable, OpenClipboard, BlockInput, TrackPopupMenuEx, GetMessageW, SetProcessWindowStation, GetProcessWindowStation, OpenWindowStationW, GetUserObjectSecurity, MessageBoxW, DefWindowProcW, MoveWindow, SetFocus, PostQuitMessage, KillTimer, CreatePopupMenu, RegisterWindowMessageW, SetTimer, ShowWindow, CreateWindowExW, RegisterClassExW, LoadIconW, LoadCursorW, GetSysColorBrush, GetForegroundWindow, MessageBoxA, DestroyIcon, DispatchMessageW, keybd_event, TranslateMessage, ScreenToClient
GDI32.dll | EndPath, DeleteObject, GetTextExtentPoint32W, ExtCreatePen, StrokeAndFillPath, GetDeviceCaps, SetPixel, CloseFigure, LineTo, AngleArc, MoveToEx, Ellipse, CreateCompatibleBitmap, CreateCompatibleDC, PolyDraw, BeginPath, Rectangle, SetViewportOrgEx, GetObjectW, SetBkMode, RoundRect, SetBkColor, CreatePen, SelectObject, StretchBlt, CreateSolidBrush, SetTextColor, CreateFontW, GetTextFaceW, GetStockObject, CreateDCW, GetPixel, DeleteDC, GetDIBits, StrokePath
COMDLG32.dll | GetSaveFileNameW, GetOpenFileNameW
ADVAPI32.dll | GetAce, RegEnumValueW, RegDeleteValueW, RegDeleteKeyW, RegEnumKeyExW, RegSetValueExW, RegOpenKeyExW, RegCloseKey, RegQueryValueExW, RegConnectRegistryW, InitializeSecurityDescriptor, InitializeAcl, AdjustTokenPrivileges, OpenThreadToken, OpenProcessToken, LookupPrivilegeValueW, DuplicateTokenEx, CreateProcessAsUserW, CreateProcessWithLogonW, GetLengthSid, CopySid, LogonUserW, AllocateAndInitializeSid, CheckTokenMembership, FreeSid, GetTokenInformation, RegCreateKeyExW, GetSecurityDescriptorDacl, GetAclInformation, GetUserNameW, AddAce, SetSecurityDescriptorDacl, InitiateSystemShutdownExW
SHELL32.dll | DragFinish, DragQueryPoint, ShellExecuteExW, DragQueryFileW, SHEmptyRecycleBinW, SHGetPathFromIDListW, SHBrowseForFolderW, SHCreateShellItem, SHGetDesktopFolder, SHGetSpecialFolderLocation, SHGetFolderPathW, SHFileOperationW, ExtractIconExW, Shell_NotifyIconW, ShellExecuteW
ole32.dll | CoTaskMemAlloc, CoTaskMemFree, CLSIDFromString, ProgIDFromCLSID, CLSIDFromProgID, OleSetMenuDescriptor, MkParseDisplayName, OleSetContainedObject, CoCreateInstance, IIDFromString, StringFromGUID2, CreateStreamOnHGlobal, OleInitialize, OleUninitialize, CoInitialize, CoUninitialize, GetRunningObjectTable, CoGetInstanceFromFile, CoGetObject, CoInitializeSecurity, CoCreateInstanceEx, CoSetProxyBlanket
OLEAUT32.dll | CreateStdDispatch, CreateDispTypeInfo, UnRegisterTypeLib, UnRegisterTypeLibForUser, RegisterTypeLibForUser, RegisterTypeLib, LoadTypeLibEx, VariantCopyInd, SysReAllocString, SysFreeString, VariantChangeType, SafeArrayDestroyData, SafeArrayUnaccessData, SafeArrayAccessData, SafeArrayAllocData, SafeArrayAllocDescriptorEx, SafeArrayCreateVector, SysStringLen, QueryPathOfRegTypeLib, SysAllocString, VariantInit, VariantClear, DispCallFunc, VariantTimeToSystemTime, VarR8FromDec, SafeArrayGetVartype, SafeArrayDestroyDescriptor, VariantCopy, OleLoadPicture
Language of compilation system | Country where language is spoken
English | Great Britain
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Nov 20, 2024 03:28:46.442027092 CET | 49736 | 443 | 192.168.2.4 | 35.190.72.216
Nov 20, 2024 03:28:46.442066908 CET | 443 | 49736 | 35.190.72.216 | 192.168.2.4
Nov 20, 2024 03:28:46.442662954 CET | 49736 | 443 | 192.168.2.4 | 35.190.72.216
Nov 20, 2024 03:28:46.447942019 CET | 49736 | 443 | 192.168.2.4 | 35.190.72.216
Nov 20, 2024 03:28:46.447954893 CET | 443 | 49736 | 35.190.72.216 | 192.168.2.4
Nov 20, 2024 03:28:46.924597979 CET | 443 | 49736 | 35.190.72.216 | 192.168.2.4
Nov 20, 2024 03:28:46.924741030 CET | 49736 | 443 | 192.168.2.4 | 35.190.72.216
Nov 20, 2024 03:28:46.933851957 CET | 49736 | 443 | 192.168.2.4 | 35.190.72.216
Nov 20, 2024 03:28:46.933898926 CET | 443 | 49736 | 35.190.72.216 | 192.168.2.4
Nov 20, 2024 03:28:46.933969021 CET | 49736 | 443 | 192.168.2.4 | 35.190.72.216
Nov 20, 2024 03:28:46.934320927 CET | 443 | 49736 | 35.190.72.216 | 192.168.2.4
Nov 20, 2024 03:28:46.934431076 CET | 49736 | 443 | 192.168.2.4 | 35.190.72.216
Nov 20, 2024 03:28:48.728065968 CET | 49738 | 443 | 192.168.2.4 | 142.250.185.206
Nov 20, 2024 03:28:48.728152990 CET | 443 | 49738 | 142.250.185.206 | 192.168.2.4
Nov 20, 2024 03:28:48.728647947 CET | 49738 | 443 | 192.168.2.4 | 142.250.185.206
Nov 20, 2024 03:28:48.730168104 CET | 49738 | 443 | 192.168.2.4 | 142.250.185.206
Nov 20, 2024 03:28:48.730201960 CET | 443 | 49738 | 142.250.185.206 | 192.168.2.4
Nov 20, 2024 03:28:48.827616930 CET | 49739 | 80 | 192.168.2.4 | 34.107.221.82
Nov 20, 2024 03:28:48.832596064 CET | 80 | 49739 | 34.107.221.82 | 192.168.2.4
Nov 20, 2024 03:28:48.832799911 CET | 49739 | 80 | 192.168.2.4 | 34.107.221.82
Nov 20, 2024 03:28:48.832942963 CET | 49739 | 80 | 192.168.2.4 | 34.107.221.82
Nov 20, 2024 03:28:48.838095903 CET | 80 | 49739 | 34.107.221.82 | 192.168.2.4
Nov 20, 2024 03:28:48.950047016 CET | 49740 | 443 | 192.168.2.4 | 142.250.185.206
Nov 20, 2024 03:28:48.950160980 CET | 443 | 49740 | 142.250.185.206 | 192.168.2.4
Nov 20, 2024 03:28:48.950373888 CET | 49740 | 443 | 192.168.2.4 | 142.250.185.206
Nov 20, 2024 03:28:48.951822996 CET | 49740 | 443 | 192.168.2.4 | 142.250.185.206
Nov 20, 2024 03:28:48.951858044 CET | 443 | 49740 | 142.250.185.206 | 192.168.2.4
Nov 20, 2024 03:28:49.165051937 CET | 49741 | 443 | 192.168.2.4 | 34.117.188.166
Nov 20, 2024 03:28:49.165139914 CET | 443 | 49741 | 34.117.188.166 | 192.168.2.4
Nov 20, 2024 03:28:49.165240049 CET | 49741 | 443 | 192.168.2.4 | 34.117.188.166
Nov 20, 2024 03:28:49.166759968 CET | 49741 | 443 | 192.168.2.4 | 34.117.188.166
Nov 20, 2024 03:28:49.166790009 CET | 443 | 49741 | 34.117.188.166 | 192.168.2.4
Nov 20, 2024 03:28:49.212621927 CET | 49742 | 443 | 192.168.2.4 | 34.117.188.166
Nov 20, 2024 03:28:49.212682962 CET | 443 | 49742 | 34.117.188.166 | 192.168.2.4
Nov 20, 2024 03:28:49.213187933 CET | 49742 | 443 | 192.168.2.4 | 34.117.188.166
Nov 20, 2024 03:28:49.214536905 CET | 49742 | 443 | 192.168.2.4 | 34.117.188.166
Nov 20, 2024 03:28:49.214566946 CET | 443 | 49742 | 34.117.188.166 | 192.168.2.4
Nov 20, 2024 03:28:49.214885950 CET | 49743 | 443 | 192.168.2.4 | 35.244.181.201
Nov 20, 2024 03:28:49.214905977 CET | 443 | 49743 | 35.244.181.201 | 192.168.2.4
Nov 20, 2024 03:28:49.215503931 CET | 49743 | 443 | 192.168.2.4 | 35.244.181.201
Nov 20, 2024 03:28:49.215708017 CET | 49743 | 443 | 192.168.2.4 | 35.244.181.201
Nov 20, 2024 03:28:49.215732098 CET | 443 | 49743 | 35.244.181.201 | 192.168.2.4
Nov 20, 2024 03:28:49.282386065 CET | 80 | 49739 | 34.107.221.82 | 192.168.2.4
Nov 20, 2024 03:28:49.335988045 CET | 49739 | 80 | 192.168.2.4 | 34.107.221.82
Nov 20, 2024 03:28:49.354487896 CET | 49744 | 443 | 192.168.2.4 | 34.160.144.191
Nov 20, 2024 03:28:49.354577065 CET | 443 | 49744 | 34.160.144.191 | 192.168.2.4
Nov 20, 2024 03:28:49.354644060 CET | 49744 | 443 | 192.168.2.4 | 34.160.144.191
Nov 20, 2024 03:28:49.354780912 CET | 49744 | 443 | 192.168.2.4 | 34.160.144.191
Nov 20, 2024 03:28:49.354803085 CET | 443 | 49744 | 34.160.144.191 | 192.168.2.4
Nov 20, 2024 03:28:49.371567965 CET | 443 | 49738 | 142.250.185.206 | 192.168.2.4
Nov 20, 2024 03:28:49.371668100 CET | 49738 | 443 | 192.168.2.4 | 142.250.185.206
Nov 20, 2024 03:28:49.372598886 CET | 443 | 49738 | 142.250.185.206 | 192.168.2.4
Nov 20, 2024 03:28:49.373449087 CET | 49738 | 443 | 192.168.2.4 | 142.250.185.206
Nov 20, 2024 03:28:49.379456997 CET | 49738 | 443 | 192.168.2.4 | 142.250.185.206
Nov 20, 2024 03:28:49.379501104 CET | 443 | 49738 | 142.250.185.206 | 192.168.2.4
Nov 20, 2024 03:28:49.379554987 CET | 49738 | 443 | 192.168.2.4 | 142.250.185.206
Nov 20, 2024 03:28:49.379736900 CET | 443 | 49738 | 142.250.185.206 | 192.168.2.4
Nov 20, 2024 03:28:49.379811049 CET | 49738 | 443 | 192.168.2.4 | 142.250.185.206
Nov 20, 2024 03:28:49.406050920 CET | 49745 | 80 | 192.168.2.4 | 34.107.221.82
Nov 20, 2024 03:28:49.410944939 CET | 80 | 49745 | 34.107.221.82 | 192.168.2.4
Nov 20, 2024 03:28:49.411756039 CET | 49745 | 80 | 192.168.2.4 | 34.107.221.82
Nov 20, 2024 03:28:49.411859989 CET | 49745 | 80 | 192.168.2.4 | 34.107.221.82
Nov 20, 2024 03:28:49.417004108 CET | 80 | 49745 | 34.107.221.82 | 192.168.2.4
Nov 20, 2024 03:28:49.591296911 CET | 443 | 49740 | 142.250.185.206 | 192.168.2.4
Nov 20, 2024 03:28:49.591396093 CET | 49740 | 443 | 192.168.2.4 | 142.250.185.206
Nov 20, 2024 03:28:49.592742920 CET | 443 | 49740 | 142.250.185.206 | 192.168.2.4
Nov 20, 2024 03:28:49.592822075 CET | 49740 | 443 | 192.168.2.4 | 142.250.185.206
Nov 20, 2024 03:28:49.597052097 CET | 49740 | 443 | 192.168.2.4 | 142.250.185.206
Nov 20, 2024 03:28:49.597095013 CET | 443 | 49740 | 142.250.185.206 | 192.168.2.4
Nov 20, 2024 03:28:49.597187996 CET | 49740 | 443 | 192.168.2.4 | 142.250.185.206
Nov 20, 2024 03:28:49.597385883 CET | 443 | 49740 | 142.250.185.206 | 192.168.2.4
Nov 20, 2024 03:28:49.597661018 CET | 49747 | 443 | 192.168.2.4 | 142.250.185.206
Nov 20, 2024 03:28:49.597703934 CET | 49740 | 443 | 192.168.2.4 | 142.250.185.206
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:28:49.597783089 CET44349747142.250.185.206192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:28:49.597862005 CET49747443192.168.2.4142.250.185.206
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:28:49.599217892 CET49747443192.168.2.4142.250.185.206
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:28:49.599251986 CET44349747142.250.185.206192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:28:49.638565063 CET4434974134.117.188.166192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:28:49.638669968 CET49741443192.168.2.434.117.188.166
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:28:49.647531033 CET49741443192.168.2.434.117.188.166
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:28:49.647578955 CET4434974134.117.188.166192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:28:49.647665977 CET49741443192.168.2.434.117.188.166
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:28:49.648086071 CET49748443192.168.2.434.117.188.166
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:28:49.648140907 CET4434974834.117.188.166192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:28:49.648183107 CET4434974134.117.188.166192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:28:49.648288012 CET49741443192.168.2.434.117.188.166
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:28:49.648288012 CET49748443192.168.2.434.117.188.166
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:28:49.649668932 CET49748443192.168.2.434.117.188.166
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:28:49.649696112 CET4434974834.117.188.166192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:28:49.690948963 CET4434974234.117.188.166192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:28:49.693109035 CET49742443192.168.2.434.117.188.166
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:28:49.697777987 CET49742443192.168.2.434.117.188.166
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:28:49.697812080 CET4434974234.117.188.166192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:28:49.697859049 CET49742443192.168.2.434.117.188.166
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:28:49.698071003 CET4434974234.117.188.166192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:28:49.698133945 CET49742443192.168.2.434.117.188.166
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:28:49.711205959 CET4434974335.244.181.201192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:28:49.712671041 CET49743443192.168.2.435.244.181.201
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:28:49.715387106 CET49743443192.168.2.435.244.181.201
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:28:49.715411901 CET4434974335.244.181.201192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:28:49.715795040 CET4434974335.244.181.201192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:28:49.717508078 CET49743443192.168.2.435.244.181.201
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:28:49.717588902 CET49743443192.168.2.435.244.181.201
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:28:49.717694044 CET4434974335.244.181.201192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:28:49.721451044 CET49743443192.168.2.435.244.181.201
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:28:49.721451044 CET49743443192.168.2.435.244.181.201
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:28:49.786681890 CET49749443192.168.2.434.117.188.166
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:28:49.786773920 CET4434974934.117.188.166192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:28:49.786901951 CET49749443192.168.2.434.117.188.166
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:28:49.788434029 CET49749443192.168.2.434.117.188.166
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:28:49.788472891 CET4434974934.117.188.166192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:28:49.788923979 CET4973980192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:28:49.794243097 CET804973934.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:28:49.803400993 CET4973980192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:28:49.816427946 CET4434974434.160.144.191192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:28:49.816523075 CET49744443192.168.2.434.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:28:49.819715023 CET49744443192.168.2.434.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:28:49.819745064 CET4434974434.160.144.191192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:28:49.820255995 CET4434974434.160.144.191192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:28:49.822436094 CET49744443192.168.2.434.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:28:49.822659016 CET4434974434.160.144.191192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:28:49.822748899 CET49744443192.168.2.434.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:28:49.822765112 CET4434974434.160.144.191192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:28:49.823128939 CET49750443192.168.2.434.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:28:49.823163986 CET4434975034.160.144.191192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:28:49.823409081 CET49750443192.168.2.434.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:28:49.823415995 CET49744443192.168.2.434.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:28:49.823579073 CET49750443192.168.2.434.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:28:49.823592901 CET4434975034.160.144.191192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:28:49.828401089 CET4975180192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:28:49.833308935 CET804975134.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:28:49.833408117 CET4975180192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:28:49.833560944 CET4975180192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:28:49.838413954 CET804975134.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:28:49.860785961 CET804974534.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:28:49.868805885 CET4974580192.168.2.434.107.221.82
Timestamp                            Source Port  Dest Port  Source IP        Dest IP
Nov 20, 2024 03:28:49.873965979 CET  80           49745      34.107.221.82    192.168.2.4
Nov 20, 2024 03:28:49.874039888 CET  49745        80         192.168.2.4      34.107.221.82
Nov 20, 2024 03:28:50.221575975 CET  443          49748      34.117.188.166   192.168.2.4
Nov 20, 2024 03:28:50.222996950 CET  49748        443        192.168.2.4      34.117.188.166
Nov 20, 2024 03:28:50.228391886 CET  49748        443        192.168.2.4      34.117.188.166
Nov 20, 2024 03:28:50.228442907 CET  443          49748      34.117.188.166   192.168.2.4
Nov 20, 2024 03:28:50.228477955 CET  49748        443        192.168.2.4      34.117.188.166
Nov 20, 2024 03:28:50.228722095 CET  443          49748      34.117.188.166   192.168.2.4
Nov 20, 2024 03:28:50.228828907 CET  49748        443        192.168.2.4      34.117.188.166
Nov 20, 2024 03:28:50.238451004 CET  443          49747      142.250.185.206  192.168.2.4
Nov 20, 2024 03:28:50.239473104 CET  443          49747      142.250.185.206  192.168.2.4
Nov 20, 2024 03:28:50.251339912 CET  443          49747      142.250.185.206  192.168.2.4
Nov 20, 2024 03:28:50.254126072 CET  443          49749      34.117.188.166   192.168.2.4
Nov 20, 2024 03:28:50.254137993 CET  49747        443        192.168.2.4      142.250.185.206
Nov 20, 2024 03:28:50.258102894 CET  49747        443        192.168.2.4      142.250.185.206
Nov 20, 2024 03:28:50.258127928 CET  443          49747      142.250.185.206  192.168.2.4
Nov 20, 2024 03:28:50.258183002 CET  49747        443        192.168.2.4      142.250.185.206
Nov 20, 2024 03:28:50.258466005 CET  443          49747      142.250.185.206  192.168.2.4
Nov 20, 2024 03:28:50.263344049 CET  443          49749      34.117.188.166   192.168.2.4
Nov 20, 2024 03:28:50.269762993 CET  49747        443        192.168.2.4      142.250.185.206
Nov 20, 2024 03:28:50.269916058 CET  49749        443        192.168.2.4      34.117.188.166
Nov 20, 2024 03:28:50.277751923 CET  49749        443        192.168.2.4      34.117.188.166
Nov 20, 2024 03:28:50.277784109 CET  443          49749      34.117.188.166   192.168.2.4
Nov 20, 2024 03:28:50.277861118 CET  49749        443        192.168.2.4      34.117.188.166
Nov 20, 2024 03:28:50.278234959 CET  49752        443        192.168.2.4      34.117.188.166
Nov 20, 2024 03:28:50.278292894 CET  443          49749      34.117.188.166   192.168.2.4
Nov 20, 2024 03:28:50.278295040 CET  443          49752      34.117.188.166   192.168.2.4
Nov 20, 2024 03:28:50.278620005 CET  80           49751      34.107.221.82    192.168.2.4
Nov 20, 2024 03:28:50.291945934 CET  49749        443        192.168.2.4      34.117.188.166
Nov 20, 2024 03:28:50.291956902 CET  49752        443        192.168.2.4      34.117.188.166
Nov 20, 2024 03:28:50.297385931 CET  49752        443        192.168.2.4      34.117.188.166
Nov 20, 2024 03:28:50.297414064 CET  443          49752      34.117.188.166   192.168.2.4
Nov 20, 2024 03:28:50.303695917 CET  443          49750      34.160.144.191   192.168.2.4
Nov 20, 2024 03:28:50.306570053 CET  49750        443        192.168.2.4      34.160.144.191
Nov 20, 2024 03:28:50.309880972 CET  49750        443        192.168.2.4      34.160.144.191
Nov 20, 2024 03:28:50.309901953 CET  443          49750      34.160.144.191   192.168.2.4
Nov 20, 2024 03:28:50.310278893 CET  443          49750      34.160.144.191   192.168.2.4
Nov 20, 2024 03:28:50.312345982 CET  49750        443        192.168.2.4      34.160.144.191
Nov 20, 2024 03:28:50.312345982 CET  49750        443        192.168.2.4      34.160.144.191
Nov 20, 2024 03:28:50.312541962 CET  443          49750      34.160.144.191   192.168.2.4
Nov 20, 2024 03:28:50.312903881 CET  49750        443        192.168.2.4      34.160.144.191
Nov 20, 2024 03:28:50.338757038 CET  49751        80         192.168.2.4      34.107.221.82
Nov 20, 2024 03:28:50.760504007 CET  443          49752      34.117.188.166   192.168.2.4
Nov 20, 2024 03:28:50.760526896 CET  443          49752      34.117.188.166   192.168.2.4
Nov 20, 2024 03:28:50.764939070 CET  49752        443        192.168.2.4      34.117.188.166
Nov 20, 2024 03:28:50.779639959 CET  49752        443        192.168.2.4      34.117.188.166
Nov 20, 2024 03:28:50.779670954 CET  443          49752      34.117.188.166   192.168.2.4
Nov 20, 2024 03:28:50.779727936 CET  49752        443        192.168.2.4      34.117.188.166
Nov 20, 2024 03:28:50.779930115 CET  443          49752      34.117.188.166   192.168.2.4
Nov 20, 2024 03:28:50.780095100 CET  49752        443        192.168.2.4      34.117.188.166
Nov 20, 2024 03:28:51.003458977 CET  50940        80         192.168.2.4      34.107.221.82
Nov 20, 2024 03:28:51.009218931 CET  80           50940      34.107.221.82    192.168.2.4
Nov 20, 2024 03:28:51.010293007 CET  50940        80         192.168.2.4      34.107.221.82
Nov 20, 2024 03:28:51.010557890 CET  50940        80         192.168.2.4      34.107.221.82
Nov 20, 2024 03:28:51.015429974 CET  80           50940      34.107.221.82    192.168.2.4
Nov 20, 2024 03:28:51.136662960 CET  49751        80         192.168.2.4      34.107.221.82
Nov 20, 2024 03:28:51.141643047 CET  80           49751      34.107.221.82    192.168.2.4
Nov 20, 2024 03:28:51.231564999 CET  80           49751      34.107.221.82    192.168.2.4
Nov 20, 2024 03:28:51.279154062 CET  49751        80         192.168.2.4      34.107.221.82
Nov 20, 2024 03:28:51.315228939 CET  50940        80         192.168.2.4      34.107.221.82
Nov 20, 2024 03:28:51.360270977 CET  80           50940      34.107.221.82    192.168.2.4
Nov 20, 2024 03:28:51.378144979 CET  50942        80         192.168.2.4      34.107.221.82
Nov 20, 2024 03:28:51.379146099 CET  50943        443        192.168.2.4      34.107.243.93
Nov 20, 2024 03:28:51.379189968 CET  443          50943      34.107.243.93    192.168.2.4
Nov 20, 2024 03:28:51.379472017 CET  50943        443        192.168.2.4      34.107.243.93
Nov 20, 2024 03:28:51.381242990 CET  50943        443        192.168.2.4      34.107.243.93
Nov 20, 2024 03:28:51.381289005 CET  443          50943      34.107.243.93    192.168.2.4
Nov 20, 2024 03:28:51.383064032 CET  80           50942      34.107.221.82    192.168.2.4
Nov 20, 2024 03:28:51.384535074 CET  50942        80         192.168.2.4      34.107.221.82
Nov 20, 2024 03:28:51.384684086 CET  50942        80         192.168.2.4      34.107.221.82
Nov 20, 2024 03:28:51.389749050 CET  80           50942      34.107.221.82    192.168.2.4
Nov 20, 2024 03:28:51.393915892 CET  80           50940      34.107.221.82    192.168.2.4
Nov 20, 2024 03:28:51.394576073 CET  50940        80         192.168.2.4      34.107.221.82
Nov 20, 2024 03:28:51.847378016 CET  80           50942      34.107.221.82    192.168.2.4
Nov 20, 2024 03:28:51.848941088 CET  443          50943      34.107.243.93    192.168.2.4
Nov 20, 2024 03:28:51.849029064 CET  50943        443        192.168.2.4      34.107.243.93
Nov 20, 2024 03:28:51.853701115 CET  50943        443        192.168.2.4      34.107.243.93
Nov 20, 2024 03:28:51.853734016 CET  443          50943      34.107.243.93    192.168.2.4
Nov 20, 2024 03:28:51.853776932 CET  50943        443        192.168.2.4      34.107.243.93
Nov 20, 2024 03:28:51.854062080 CET  443          50943      34.107.243.93    192.168.2.4
Nov 20, 2024 03:28:51.854130030 CET  50943        443        192.168.2.4      34.107.243.93
Nov 20, 2024 03:28:51.905517101 CET  50942        80         192.168.2.4      34.107.221.82
Nov 20, 2024 03:28:55.412708044 CET  50945        443        192.168.2.4      34.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:28:55.412772894 CET4435094534.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:28:55.416167974 CET4975180192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:28:55.417078018 CET50945443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:28:55.418762922 CET50945443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:28:55.418782949 CET4435094534.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:28:55.421119928 CET804975134.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:28:55.431063890 CET50946443192.168.2.434.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:28:55.431106091 CET4435094634.149.100.209192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:28:55.431529045 CET50946443192.168.2.434.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:28:55.433715105 CET50946443192.168.2.434.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:28:55.433736086 CET4435094634.149.100.209192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:28:55.511084080 CET804975134.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:28:55.520925045 CET50947443192.168.2.435.244.181.201
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:28:55.521029949 CET4435094735.244.181.201192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:28:55.521136045 CET50947443192.168.2.435.244.181.201
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:28:55.521265030 CET50947443192.168.2.435.244.181.201
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:28:55.521286011 CET4435094735.244.181.201192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:28:55.570493937 CET4975180192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:28:55.873450041 CET4435094534.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:28:55.882528067 CET50945443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:28:55.887223005 CET50945443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:28:55.887250900 CET4435094534.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:28:55.887329102 CET50945443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:28:55.887433052 CET4435094534.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:28:55.888190985 CET50945443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:28:55.896586895 CET4435094634.149.100.209192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:28:55.899374962 CET50946443192.168.2.434.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:28:55.903323889 CET50946443192.168.2.434.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:28:55.903323889 CET50946443192.168.2.434.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:28:55.903345108 CET4435094634.149.100.209192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:28:55.903610945 CET4435094634.149.100.209192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:28:55.903667927 CET50946443192.168.2.434.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:28:56.002912998 CET4435094735.244.181.201192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:28:56.004416943 CET50947443192.168.2.435.244.181.201
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:28:56.006910086 CET50947443192.168.2.435.244.181.201
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:28:56.006939888 CET4435094735.244.181.201192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:28:56.007323980 CET4435094735.244.181.201192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:28:56.009496927 CET50947443192.168.2.435.244.181.201
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:28:56.009496927 CET50947443192.168.2.435.244.181.201
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:28:56.009694099 CET4435094735.244.181.201192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:28:56.009783983 CET50947443192.168.2.435.244.181.201
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:28:59.926810026 CET5094280192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:28:59.931915045 CET805094234.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:00.024468899 CET805094234.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:00.075746059 CET5094280192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:00.283396959 CET4975180192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:00.288547993 CET804975134.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:00.311351061 CET50954443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:00.311405897 CET4435095434.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:00.311682940 CET50954443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:00.378669977 CET804975134.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:00.423508883 CET4975180192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:01.095017910 CET50954443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:01.095077991 CET4435095434.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:01.222791910 CET5094280192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:01.227790117 CET805094234.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:01.231355906 CET4975180192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:01.236318111 CET804975134.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:01.320758104 CET805094234.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:01.326164007 CET804975134.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:01.363883972 CET5094280192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:01.379504919 CET4975180192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:01.558609009 CET4435095434.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:13.782845020 CET4435095934.107.243.93192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:13.782924891 CET50959443192.168.2.434.107.243.93
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:13.787905931 CET50959443192.168.2.434.107.243.93
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:13.787939072 CET4435095934.107.243.93192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:13.787986994 CET50959443192.168.2.434.107.243.93
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:13.788120985 CET4435095934.107.243.93192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:13.788976908 CET50959443192.168.2.434.107.243.93
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:13.791716099 CET4975180192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:13.798356056 CET804975134.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:13.887984991 CET804975134.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:13.891360998 CET5094280192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:13.896336079 CET805094234.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:13.933909893 CET4975180192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:13.989304066 CET805094234.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:14.034169912 CET5094280192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:15.134305954 CET50960443192.168.2.435.244.181.201
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:15.134355068 CET4435096035.244.181.201192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:15.134980917 CET50960443192.168.2.435.244.181.201
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:15.135174036 CET50960443192.168.2.435.244.181.201
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:15.135185957 CET4435096035.244.181.201192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:15.163069963 CET50961443192.168.2.434.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:15.163158894 CET4435096134.149.100.209192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:15.163537025 CET50961443192.168.2.434.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:15.163702011 CET50961443192.168.2.434.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:15.163739920 CET4435096134.149.100.209192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:15.166649103 CET50962443192.168.2.4151.101.1.91
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:15.166661024 CET44350962151.101.1.91192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:15.166759968 CET50962443192.168.2.4151.101.1.91
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:15.166826010 CET50962443192.168.2.4151.101.1.91
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:15.166834116 CET44350962151.101.1.91192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:15.193929911 CET50963443192.168.2.435.190.72.216
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:15.194019079 CET4435096335.190.72.216192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:15.201958895 CET50963443192.168.2.435.190.72.216
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:15.203993082 CET50963443192.168.2.435.190.72.216
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:15.204030991 CET4435096335.190.72.216192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:15.215552092 CET50964443192.168.2.435.201.103.21
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:15.215565920 CET4435096435.201.103.21192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:15.222085953 CET50964443192.168.2.435.201.103.21
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:15.223470926 CET50964443192.168.2.435.201.103.21
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:15.223484039 CET4435096435.201.103.21192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:15.614425898 CET4435096134.149.100.209192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:15.614525080 CET50961443192.168.2.434.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:15.616020918 CET4435096035.244.181.201192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:15.620724916 CET50961443192.168.2.434.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:15.620784998 CET4435096134.149.100.209192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:15.620995998 CET4435096134.149.100.209192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:15.623387098 CET4435096035.244.181.201192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:15.625695944 CET50960443192.168.2.435.244.181.201
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:15.629645109 CET50960443192.168.2.435.244.181.201
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:15.629659891 CET4435096035.244.181.201192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:15.630547047 CET4435096035.244.181.201192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:15.634274960 CET50961443192.168.2.434.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:15.634414911 CET50961443192.168.2.434.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:15.634424925 CET4435096134.149.100.209192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:15.634435892 CET4435096134.149.100.209192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:15.634815931 CET50960443192.168.2.435.244.181.201
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:15.634886026 CET50960443192.168.2.435.244.181.201
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:15.635235071 CET4435096035.244.181.201192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:15.635868073 CET50960443192.168.2.435.244.181.201
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:15.638998985 CET4975180192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:15.643862009 CET804975134.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:15.671241045 CET44350962151.101.1.91192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:15.671256065 CET4435096335.190.72.216192.168.2.4
Nov 20, 2024 03:29:15.671338081 CET    443  50963  35.190.72.216    192.168.2.4
Nov 20, 2024 03:29:15.671339035 CET  50962    443  192.168.2.4      151.101.1.91
Nov 20, 2024 03:29:15.671391010 CET  50963    443  192.168.2.4      35.190.72.216
Nov 20, 2024 03:29:15.674559116 CET  50962    443  192.168.2.4      151.101.1.91
Nov 20, 2024 03:29:15.674568892 CET    443  50962  151.101.1.91     192.168.2.4
Nov 20, 2024 03:29:15.674801111 CET    443  50962  151.101.1.91     192.168.2.4
Nov 20, 2024 03:29:15.681708097 CET  50962    443  192.168.2.4      151.101.1.91
Nov 20, 2024 03:29:15.681812048 CET  50962    443  192.168.2.4      151.101.1.91
Nov 20, 2024 03:29:15.681853056 CET    443  50962  151.101.1.91     192.168.2.4
Nov 20, 2024 03:29:15.682229996 CET  50963    443  192.168.2.4      35.190.72.216
Nov 20, 2024 03:29:15.682284117 CET    443  50963  35.190.72.216    192.168.2.4
Nov 20, 2024 03:29:15.682316065 CET  50963    443  192.168.2.4      35.190.72.216
Nov 20, 2024 03:29:15.682466984 CET    443  50963  35.190.72.216    192.168.2.4
Nov 20, 2024 03:29:15.683496952 CET  50962    443  192.168.2.4      151.101.1.91
Nov 20, 2024 03:29:15.683520079 CET  50963    443  192.168.2.4      35.190.72.216
Nov 20, 2024 03:29:15.691080093 CET  50965    443  192.168.2.4      35.244.181.201
Nov 20, 2024 03:29:15.691129923 CET    443  50965  35.244.181.201   192.168.2.4
Nov 20, 2024 03:29:15.692307949 CET  50965    443  192.168.2.4      35.244.181.201
Nov 20, 2024 03:29:15.692939043 CET  50966    443  192.168.2.4      35.244.181.201
Nov 20, 2024 03:29:15.692980051 CET    443  50966  35.244.181.201   192.168.2.4
Nov 20, 2024 03:29:15.693094969 CET  50965    443  192.168.2.4      35.244.181.201
Nov 20, 2024 03:29:15.693126917 CET    443  50965  35.244.181.201   192.168.2.4
Nov 20, 2024 03:29:15.694487095 CET  50966    443  192.168.2.4      35.244.181.201
Nov 20, 2024 03:29:15.694757938 CET  50966    443  192.168.2.4      35.244.181.201
Nov 20, 2024 03:29:15.694777966 CET    443  50966  35.244.181.201   192.168.2.4
Nov 20, 2024 03:29:15.698915958 CET  50967    443  192.168.2.4      35.244.181.201
Nov 20, 2024 03:29:15.698941946 CET    443  50967  35.244.181.201   192.168.2.4
Nov 20, 2024 03:29:15.699707031 CET  50967    443  192.168.2.4      35.244.181.201
Nov 20, 2024 03:29:15.700020075 CET  50967    443  192.168.2.4      35.244.181.201
Nov 20, 2024 03:29:15.700045109 CET    443  50967  35.244.181.201   192.168.2.4
Nov 20, 2024 03:29:15.700958967 CET    443  50964  35.201.103.21    192.168.2.4
Nov 20, 2024 03:29:15.700978041 CET    443  50964  35.201.103.21    192.168.2.4
Nov 20, 2024 03:29:15.701210976 CET  50964    443  192.168.2.4      35.201.103.21
Nov 20, 2024 03:29:15.706590891 CET  50964    443  192.168.2.4      35.201.103.21
Nov 20, 2024 03:29:15.706612110 CET    443  50964  35.201.103.21    192.168.2.4
Nov 20, 2024 03:29:15.706654072 CET  50964    443  192.168.2.4      35.201.103.21
Nov 20, 2024 03:29:15.706964016 CET    443  50964  35.201.103.21    192.168.2.4
Nov 20, 2024 03:29:15.707921982 CET  50964    443  192.168.2.4      35.201.103.21
Nov 20, 2024 03:29:15.724459887 CET  50968    443  192.168.2.4      34.149.100.209
Nov 20, 2024 03:29:15.724545002 CET    443  50968  34.149.100.209   192.168.2.4
Nov 20, 2024 03:29:15.724633932 CET  50968    443  192.168.2.4      34.149.100.209
Nov 20, 2024 03:29:15.724716902 CET  50968    443  192.168.2.4      34.149.100.209
Nov 20, 2024 03:29:15.724741936 CET    443  50968  34.149.100.209   192.168.2.4
Nov 20, 2024 03:29:15.733664989 CET     80  49751  34.107.221.82    192.168.2.4
Nov 20, 2024 03:29:15.736618042 CET  50942     80  192.168.2.4      34.107.221.82
Nov 20, 2024 03:29:15.741492033 CET     80  50942  34.107.221.82    192.168.2.4
Nov 20, 2024 03:29:15.776930094 CET  49751     80  192.168.2.4      34.107.221.82
Nov 20, 2024 03:29:15.834364891 CET     80  50942  34.107.221.82    192.168.2.4
Nov 20, 2024 03:29:15.843338013 CET    443  50961  34.149.100.209   192.168.2.4
Nov 20, 2024 03:29:15.843409061 CET  50961    443  192.168.2.4      34.149.100.209
Nov 20, 2024 03:29:15.877226114 CET  50942     80  192.168.2.4      34.107.221.82
Nov 20, 2024 03:29:16.157773972 CET    443  50966  35.244.181.201   192.168.2.4
Nov 20, 2024 03:29:16.157850027 CET  50966    443  192.168.2.4      35.244.181.201
Nov 20, 2024 03:29:16.160530090 CET  50966    443  192.168.2.4      35.244.181.201
Nov 20, 2024 03:29:16.160542011 CET    443  50966  35.244.181.201   192.168.2.4
Nov 20, 2024 03:29:16.160764933 CET    443  50966  35.244.181.201   192.168.2.4
Nov 20, 2024 03:29:16.163184881 CET    443  50965  35.244.181.201   192.168.2.4
Nov 20, 2024 03:29:16.163242102 CET  50966    443  192.168.2.4      35.244.181.201
Nov 20, 2024 03:29:16.163324118 CET  50966    443  192.168.2.4      35.244.181.201
Nov 20, 2024 03:29:16.163388014 CET    443  50966  35.244.181.201   192.168.2.4
Nov 20, 2024 03:29:16.168361902 CET  49751     80  192.168.2.4      34.107.221.82
Nov 20, 2024 03:29:16.169215918 CET  50966    443  192.168.2.4      35.244.181.201
Nov 20, 2024 03:29:16.169255018 CET  50965    443  192.168.2.4      35.244.181.201
Nov 20, 2024 03:29:16.172969103 CET  50965    443  192.168.2.4      35.244.181.201
Nov 20, 2024 03:29:16.172982931 CET    443  50965  35.244.181.201   192.168.2.4
Nov 20, 2024 03:29:16.173257113 CET     80  49751  34.107.221.82    192.168.2.4
Nov 20, 2024 03:29:16.173321009 CET    443  50965  35.244.181.201   192.168.2.4
Nov 20, 2024 03:29:16.176234961 CET  50965    443  192.168.2.4      35.244.181.201
Nov 20, 2024 03:29:16.176295042 CET  50965    443  192.168.2.4      35.244.181.201
Nov 20, 2024 03:29:16.176601887 CET    443  50965  35.244.181.201   192.168.2.4
Nov 20, 2024 03:29:16.178152084 CET  50965    443  192.168.2.4      35.244.181.201
Nov 20, 2024 03:29:16.182435989 CET    443  50967  35.244.181.201   192.168.2.4
Nov 20, 2024 03:29:16.182514906 CET  50967    443  192.168.2.4      35.244.181.201
Nov 20, 2024 03:29:16.185165882 CET  50967    443  192.168.2.4      35.244.181.201
Nov 20, 2024 03:29:16.185178995 CET    443  50967  35.244.181.201   192.168.2.4
Nov 20, 2024 03:29:16.185496092 CET    443  50967  35.244.181.201   192.168.2.4
Nov 20, 2024 03:29:16.188512087 CET  50967    443  192.168.2.4      35.244.181.201
Nov 20, 2024 03:29:16.188622952 CET  50967    443  192.168.2.4      35.244.181.201
Nov 20, 2024 03:29:16.188770056 CET    443  50967  35.244.181.201   192.168.2.4
Nov 20, 2024 03:29:16.189588070 CET  50967    443  192.168.2.4      35.244.181.201
Nov 20, 2024 03:29:16.209019899 CET    443  50968  34.149.100.209   192.168.2.4
Nov 20, 2024 03:29:16.209129095 CET  50968    443  192.168.2.4      34.149.100.209
Nov 20, 2024 03:29:16.211946011 CET  50968    443  192.168.2.4      34.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:16.211966991 CET4435096834.149.100.209192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:16.212699890 CET4435096834.149.100.209192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:16.214982986 CET50968443192.168.2.434.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:16.215042114 CET50968443192.168.2.434.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:16.215101957 CET4435096834.149.100.209192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:16.215348959 CET50968443192.168.2.434.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:16.263895988 CET804975134.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:16.266849995 CET5094280192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:16.271796942 CET805094234.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:16.309648037 CET4975180192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:16.364491940 CET805094234.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:16.409991980 CET5094280192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:26.271838903 CET4975180192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:26.280682087 CET804975134.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:26.372030973 CET5094280192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:26.376996994 CET805094234.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:33.941464901 CET50970443192.168.2.434.107.243.93
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:33.941553116 CET4435097034.107.243.93192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:33.941690922 CET50970443192.168.2.434.107.243.93
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:33.942965031 CET50970443192.168.2.434.107.243.93
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:33.942995071 CET4435097034.107.243.93192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:34.418745995 CET4435097034.107.243.93192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:34.418844938 CET50970443192.168.2.434.107.243.93
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:34.424979925 CET50970443192.168.2.434.107.243.93
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:34.425012112 CET4435097034.107.243.93192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:34.425081015 CET50970443192.168.2.434.107.243.93
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:34.425436974 CET4435097034.107.243.93192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:34.425828934 CET50970443192.168.2.434.107.243.93
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:34.428165913 CET4975180192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:34.433046103 CET804975134.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:34.524914026 CET804975134.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:34.528032064 CET5094280192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:34.532980919 CET805094234.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:34.579555035 CET4975180192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:34.626249075 CET805094234.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:34.679884911 CET5094280192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:44.532855034 CET4975180192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:44.537817955 CET804975134.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:44.633222103 CET5094280192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:44.638091087 CET805094234.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:44.917756081 CET51033443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:44.917813063 CET4435103334.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:44.918014050 CET51033443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:44.918138981 CET51033443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:44.918154001 CET4435103334.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:44.920397043 CET51034443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:44.920480013 CET4435103434.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:44.920588970 CET51034443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:44.920963049 CET51034443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:44.921022892 CET4435103434.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:44.939734936 CET51036443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:44.939817905 CET4435103634.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:44.949739933 CET51036443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:44.949840069 CET51036443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:44.949868917 CET4435103634.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:45.385871887 CET4435103434.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:45.386001110 CET51034443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:45.390571117 CET51034443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:45.390625000 CET4435103434.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:45.391560078 CET4435103434.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:45.394320011 CET51034443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:45.394459963 CET51034443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:45.394726992 CET4435103434.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:31:25.252109051 CET5094280192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:31:25.257533073 CET805094234.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:31:35.098929882 CET51241443192.168.2.434.107.243.93
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:31:35.099018097 CET4435124134.107.243.93192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:31:35.099092007 CET51241443192.168.2.434.107.243.93
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:31:35.100394011 CET51241443192.168.2.434.107.243.93
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:31:35.100430012 CET4435124134.107.243.93192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:31:35.179121971 CET4975180192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:31:35.184006929 CET804975134.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:31:35.279372931 CET5094280192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:31:35.284292936 CET805094234.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:31:35.561897993 CET4435124134.107.243.93192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:31:35.562202930 CET51241443192.168.2.434.107.243.93
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:31:35.568773985 CET51241443192.168.2.434.107.243.93
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:31:35.568825006 CET4435124134.107.243.93192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:31:35.568881989 CET51241443192.168.2.434.107.243.93
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:31:35.569072962 CET4435124134.107.243.93192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:31:35.569802046 CET51241443192.168.2.434.107.243.93
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:31:35.571681023 CET4975180192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:31:35.576539040 CET804975134.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:31:35.666366100 CET804975134.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:31:35.671952963 CET5094280192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:31:35.676868916 CET805094234.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:31:35.711951971 CET4975180192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:31:35.770001888 CET805094234.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:31:35.812217951 CET5094280192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:31:45.684931040 CET4975180192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:31:45.689938068 CET804975134.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:31:45.785181999 CET5094280192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:31:45.790385962 CET805094234.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:31:45.853224039 CET51242443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:31:45.853315115 CET4435124234.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:31:45.853410959 CET51243443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:31:45.853461981 CET4435124334.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:31:45.853599072 CET51244443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:31:45.853682995 CET4435124434.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:31:45.853764057 CET51245443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:31:45.853811979 CET4435124534.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:31:45.853861094 CET51242443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:31:45.853873968 CET51243443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:31:45.853883982 CET51244443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:31:45.854054928 CET51242443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:31:45.854091883 CET4435124234.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:31:45.854259968 CET51244443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:31:45.854293108 CET4435124434.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:31:45.854357958 CET51243443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:31:45.854377985 CET4435124334.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:31:45.854511023 CET51245443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:31:45.854629040 CET51245443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:31:45.854640007 CET4435124534.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:31:46.322138071 CET4435124434.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:31:46.327837944 CET4435124534.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:31:46.328154087 CET51244443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:31:46.328214884 CET51245443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:31:46.330123901 CET4435124234.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:31:46.330246925 CET51242443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:31:46.331581116 CET51244443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:31:46.331615925 CET4435124434.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:31:46.331938028 CET4435124434.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:31:46.334589958 CET51245443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:31:46.334603071 CET4435124534.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:31:46.335549116 CET4435124534.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:31:46.337047100 CET51242443192.168.2.434.120.208.123
Nov 20, 2024 03:31:46.337074995 CET  443          51242      34.120.208.123   192.168.2.4
Nov 20, 2024 03:31:46.337569952 CET  443          51242      34.120.208.123   192.168.2.4
Nov 20, 2024 03:31:46.340841055 CET  443          51243      34.120.208.123   192.168.2.4
Nov 20, 2024 03:31:46.341465950 CET  51243        443        192.168.2.4      34.120.208.123
Nov 20, 2024 03:31:46.345535994 CET  51243        443        192.168.2.4      34.120.208.123
Nov 20, 2024 03:31:46.345546007 CET  443          51243      34.120.208.123   192.168.2.4
Nov 20, 2024 03:31:46.345944881 CET  443          51243      34.120.208.123   192.168.2.4
Nov 20, 2024 03:31:46.346090078 CET  51244        443        192.168.2.4      34.120.208.123
Nov 20, 2024 03:31:46.346457005 CET  443          51244      34.120.208.123   192.168.2.4
Nov 20, 2024 03:31:46.346549034 CET  51244        443        192.168.2.4      34.120.208.123
Nov 20, 2024 03:31:46.346558094 CET  443          51244      34.120.208.123   192.168.2.4
Nov 20, 2024 03:31:46.346646070 CET  51245        443        192.168.2.4      34.120.208.123
Nov 20, 2024 03:31:46.346756935 CET  51245        443        192.168.2.4      34.120.208.123
Nov 20, 2024 03:31:46.347018003 CET  51242        443        192.168.2.4      34.120.208.123
Nov 20, 2024 03:31:46.347064972 CET  443          51245      34.120.208.123   192.168.2.4
Nov 20, 2024 03:31:46.347090960 CET  51242        443        192.168.2.4      34.120.208.123
Nov 20, 2024 03:31:46.347373962 CET  443          51242      34.120.208.123   192.168.2.4
Nov 20, 2024 03:31:46.349174976 CET  51245        443        192.168.2.4      34.120.208.123
Nov 20, 2024 03:31:46.349200010 CET  51242        443        192.168.2.4      34.120.208.123
Nov 20, 2024 03:31:46.349280119 CET  51244        443        192.168.2.4      34.120.208.123
Nov 20, 2024 03:31:46.349627972 CET  51243        443        192.168.2.4      34.120.208.123
Nov 20, 2024 03:31:46.349704027 CET  51243        443        192.168.2.4      34.120.208.123
Nov 20, 2024 03:31:46.349821091 CET  443          51243      34.120.208.123   192.168.2.4
Nov 20, 2024 03:31:46.351752043 CET  51243        443        192.168.2.4      34.120.208.123
Nov 20, 2024 03:31:46.355534077 CET  49751        80         192.168.2.4      34.107.221.82
Nov 20, 2024 03:31:46.360428095 CET  80           49751      34.107.221.82    192.168.2.4
Nov 20, 2024 03:31:46.451380014 CET  80           49751      34.107.221.82    192.168.2.4
Nov 20, 2024 03:31:46.453957081 CET  50942        80         192.168.2.4      34.107.221.82
Nov 20, 2024 03:31:46.458838940 CET  80           50942      34.107.221.82    192.168.2.4
Nov 20, 2024 03:31:46.502855062 CET  49751        80         192.168.2.4      34.107.221.82
Nov 20, 2024 03:31:46.551918030 CET  80           50942      34.107.221.82    192.168.2.4
Nov 20, 2024 03:31:46.603179932 CET  50942        80         192.168.2.4      34.107.221.82
Timestamp                            Source Port  Dest Port  Source IP        Dest IP
Nov 20, 2024 03:28:46.442591906 CET  52722        53         192.168.2.4      1.1.1.1
Nov 20, 2024 03:28:46.449781895 CET  53           52722      1.1.1.1          192.168.2.4
Nov 20, 2024 03:28:46.450431108 CET  53139        53         192.168.2.4      1.1.1.1
Nov 20, 2024 03:28:46.458184958 CET  53           53139      1.1.1.1          192.168.2.4
Nov 20, 2024 03:28:48.711538076 CET  56870        53         192.168.2.4      1.1.1.1
Nov 20, 2024 03:28:48.719355106 CET  61738        53         192.168.2.4      1.1.1.1
Nov 20, 2024 03:28:48.720299006 CET  53412        53         192.168.2.4      1.1.1.1
Nov 20, 2024 03:28:48.726244926 CET  53           61738      1.1.1.1          192.168.2.4
Nov 20, 2024 03:28:48.726914883 CET  53           53412      1.1.1.1          192.168.2.4
Nov 20, 2024 03:28:48.728432894 CET  64260        53         192.168.2.4      1.1.1.1
Nov 20, 2024 03:28:48.730762005 CET  59904        53         192.168.2.4      1.1.1.1
Nov 20, 2024 03:28:48.735357046 CET  53           64260      1.1.1.1          192.168.2.4
Nov 20, 2024 03:28:48.737385988 CET  53           59904      1.1.1.1          192.168.2.4
Nov 20, 2024 03:28:48.740173101 CET  64127        53         192.168.2.4      1.1.1.1
Nov 20, 2024 03:28:48.746876001 CET  53           64127      1.1.1.1          192.168.2.4
Nov 20, 2024 03:28:49.156316996 CET  58274        53         192.168.2.4      1.1.1.1
Nov 20, 2024 03:28:49.163116932 CET  53           58274      1.1.1.1          192.168.2.4
Nov 20, 2024 03:28:49.165182114 CET  64966        53         192.168.2.4      1.1.1.1
Nov 20, 2024 03:28:49.171883106 CET  53           64966      1.1.1.1          192.168.2.4
Nov 20, 2024 03:28:49.172444105 CET  55831        53         192.168.2.4      1.1.1.1
Nov 20, 2024 03:28:49.179209948 CET  53           55831      1.1.1.1          192.168.2.4
Nov 20, 2024 03:28:49.198405981 CET  50938        53         192.168.2.4      1.1.1.1
Nov 20, 2024 03:28:49.206274986 CET  53           50938      1.1.1.1          192.168.2.4
Nov 20, 2024 03:28:49.213021994 CET  62398        53         192.168.2.4      1.1.1.1
Nov 20, 2024 03:28:49.215266943 CET  49225        53         192.168.2.4      1.1.1.1
Nov 20, 2024 03:28:49.220385075 CET  53           62398      1.1.1.1          192.168.2.4
Nov 20, 2024 03:28:49.222266912 CET  53           49225      1.1.1.1          192.168.2.4
Nov 20, 2024 03:28:49.228388071 CET  62698        53         192.168.2.4      1.1.1.1
Nov 20, 2024 03:28:49.228704929 CET  50398        53         192.168.2.4      1.1.1.1
Nov 20, 2024 03:28:49.235387087 CET  53           50398      1.1.1.1          192.168.2.4
Nov 20, 2024 03:28:49.235799074 CET  53           62698      1.1.1.1          192.168.2.4
Nov 20, 2024 03:28:49.346239090 CET  57293        53         192.168.2.4      1.1.1.1
Nov 20, 2024 03:28:49.353543043 CET  53           57293      1.1.1.1          192.168.2.4
Nov 20, 2024 03:28:49.354691982 CET  49481        53         192.168.2.4      1.1.1.1
Nov 20, 2024 03:28:49.361706018 CET  53           49481      1.1.1.1          192.168.2.4
Nov 20, 2024 03:28:49.362351894 CET  61056        53         192.168.2.4      1.1.1.1
Nov 20, 2024 03:28:49.369230986 CET  53           61056      1.1.1.1          192.168.2.4
Nov 20, 2024 03:28:49.387902975 CET  51564        53         192.168.2.4      1.1.1.1
Nov 20, 2024 03:28:49.388556957 CET  49528        53         192.168.2.4      1.1.1.1
Nov 20, 2024 03:28:49.394599915 CET  53           51564      1.1.1.1          192.168.2.4
Nov 20, 2024 03:28:49.394978046 CET  53           49528      1.1.1.1          192.168.2.4
Nov 20, 2024 03:28:49.397140980 CET  50168        53         192.168.2.4      1.1.1.1
Nov 20, 2024 03:28:50.857830048 CET  58162        53         192.168.2.4      1.1.1.1
Nov 20, 2024 03:28:50.864587069 CET  53           58162      1.1.1.1          192.168.2.4
Nov 20, 2024 03:28:51.154022932 CET  64014        53         192.168.2.4      1.1.1.1
Nov 20, 2024 03:28:51.161113977 CET  53           64014      1.1.1.1          192.168.2.4
Nov 20, 2024 03:28:51.162810087 CET  65084        53         192.168.2.4      1.1.1.1
Nov 20, 2024 03:28:51.169835091 CET  53           65084      1.1.1.1          192.168.2.4
Nov 20, 2024 03:28:51.171257973 CET  55062        53         192.168.2.4      1.1.1.1
Nov 20, 2024 03:28:51.178015947 CET  53           55062      1.1.1.1          192.168.2.4
Nov 20, 2024 03:28:51.370556116 CET  53           56681      1.1.1.1          192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:28:55.380034924 CET6229253192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:28:55.386898041 CET53622921.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:28:55.387684107 CET6490753192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:28:55.394898891 CET53649071.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:28:55.397222042 CET5160253192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:28:55.413032055 CET5962253192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:28:55.416450024 CET6152653192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:28:55.419483900 CET5511353192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:28:55.419833899 CET53596221.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:28:55.421602964 CET6267753192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:28:55.425296068 CET53516021.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:28:55.426131964 CET53551131.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:28:55.428343058 CET53626771.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:28:55.431432962 CET5166253192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:28:55.438081026 CET53516621.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:28:55.499073029 CET4939553192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:28:55.505954027 CET53493951.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:28:55.510359049 CET5789553192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:28:55.517122984 CET53578951.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:01.843952894 CET6034853192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:01.852207899 CET53603481.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:01.854547024 CET5439253192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:01.861458063 CET53543921.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:06.463956118 CET5998453192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:06.464348078 CET6411453192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:06.464348078 CET6222353192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:06.575938940 CET53599841.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:06.576288939 CET53622231.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:06.576327085 CET53641141.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:06.576900959 CET6185153192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:06.577007055 CET6382953192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:06.577382088 CET6462653192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:06.583740950 CET53618511.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:06.584145069 CET53638291.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:06.584178925 CET53646261.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:06.584244013 CET6504053192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:06.584667921 CET5668753192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:06.584748983 CET5683253192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:06.590986013 CET53650401.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:06.591434956 CET53568321.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:06.591516018 CET6330153192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:06.591907978 CET6072153192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:06.591959000 CET53566871.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:06.598557949 CET53633011.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:06.598640919 CET53607211.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:06.599198103 CET5210353192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:06.599198103 CET6147853192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:06.605757952 CET53521031.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:06.606098890 CET53614781.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:06.606388092 CET5281853192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:06.606550932 CET6121153192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:06.613140106 CET53528181.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:06.613481998 CET53612111.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:13.304687977 CET6397253192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:13.311722040 CET53639721.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:15.142819881 CET6504953192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:15.151273012 CET53650491.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:15.158750057 CET5966653192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:15.165783882 CET53596661.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:15.167388916 CET6361753192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:15.176529884 CET53636171.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:15.177176952 CET4917453192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:15.184499025 CET53491741.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:15.201209068 CET4935253192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:06.606550932 CET192.168.2.41.1.1.10xb5c1Standard query (0)reddit.map.fastly.net28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:13.304687977 CET192.168.2.41.1.1.10xa688Standard query (0)push.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:15.142819881 CET192.168.2.41.1.1.10xc767Standard query (0)prod.balrog.prod.cloudops.mozgcp.net28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:15.158750057 CET192.168.2.41.1.1.10x8951Standard query (0)services.addons.mozilla.orgA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:15.167388916 CET192.168.2.41.1.1.10x45ddStandard query (0)services.addons.mozilla.orgA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:15.177176952 CET192.168.2.41.1.1.10x45adStandard query (0)services.addons.mozilla.org28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:15.201209068 CET192.168.2.41.1.1.10xbefcStandard query (0)normandy.cdn.mozilla.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:15.216262102 CET192.168.2.41.1.1.10x14c2Standard query (0)normandy-cdn.services.mozilla.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:15.231575012 CET192.168.2.41.1.1.10x4181Standard query (0)normandy-cdn.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:33.933782101 CET192.168.2.41.1.1.10xf9c2Standard query (0)push.services.mozilla.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:33.941417933 CET192.168.2.41.1.1.10x4a89Standard query (0)push.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:44.925595999 CET192.168.2.41.1.1.10xf499Standard query (0)telemetry-incoming.r53-2.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:30:14.486823082 CET192.168.2.41.1.1.10xaf26Standard query (0)push.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:30:14.965080023 CET192.168.2.41.1.1.10x64f2Standard query (0)detectportal.firefox.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:31:35.082794905 CET192.168.2.41.1.1.10xb8aStandard query (0)push.services.mozilla.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:31:35.090946913 CET192.168.2.41.1.1.10x57c4Standard query (0)push.services.mozilla.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:31:35.098696947 CET192.168.2.41.1.1.10x5336Standard query (0)push.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:31:35.571949005 CET192.168.2.41.1.1.10xf816Standard query (0)detectportal.firefox.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:31:45.853739023 CET192.168.2.41.1.1.10x13a7Standard query (0)telemetry-incoming.r53-2.services.mozilla.com28IN (0x0001)false
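The DNS Queries table above and the DNS Answers table that follows are the raw material for deciding how much of the "connects to many different domains" signature is the sample and how much is the sandbox's own browser. The helper below is an added example, not part of the Joe Sandbox report or of Joe Sandbox itself: it takes a handful of rows transcribed from both tables (pipe-delimited, timestamp/transaction/name/type only), correlates answer rows by transaction ID so that CNAME hops and terminal A/AAAA records for one lookup end up together even where the report omits an intermediate hop, marks NOERROR replies that carried no address (the AAAA rows with an empty address column), and sorts queried names against a suffix list of Firefox/Mozilla background endpoints. That suffix list, and the choice to key on the transaction ID rather than on CNAME targets, are this example's assumptions, not something the report states.

```python
"""Triage helper for the DNS tables of a Joe Sandbox report.

Added example, not part of the report or of Joe Sandbox: it correlates
answer rows by transaction ID, collects CNAME chains and terminal A/AAAA
records per lookup, and separates queried names that match an assumed
list of Firefox/Mozilla background endpoints from those worth reviewing.
"""
from collections import OrderedDict
from dataclasses import dataclass, field

# Rows transcribed from the report's DNS Answers table (subset).
# Columns: timestamp | trans id | name | cname | address | type
ANSWERS = """\
03:28:48.718369961 | 0x5f6d | detectportal.firefox.com | detectportal.prod.mozaws.net | | CNAME
03:28:48.718369961 | 0x5f6d | prod.detectportal.prod.cloudops.mozgcp.net | | 34.107.221.82 | A
03:28:48.726244926 | 0xf9c4 | youtube.com | | 142.250.185.206 | A
03:28:48.737385988 | 0x974e | prod.detectportal.prod.cloudops.mozgcp.net | | | AAAA
03:28:49.353543043 | 0x1204 | content-signature-2.cdn.mozilla.net | content-signature-chains.prod.autograph.services.mozaws.net | | CNAME
03:28:49.353543043 | 0x1204 | content-signature-chains.prod.autograph.services.mozaws.net | prod.content-signature-chains.prod.webservices.mozgcp.net | | CNAME
03:28:49.353543043 | 0x1204 | prod.content-signature-chains.prod.webservices.mozgcp.net | | 34.160.144.191 | A
03:28:49.394599915 | 0x6e3 | example.org | | 93.184.215.14 | A
03:28:49.394978046 | 0xaa9d | ipv4only.arpa | | 192.0.0.171 | A
03:28:49.394978046 | 0xaa9d | ipv4only.arpa | | 192.0.0.170 | A
"""

# Rows transcribed from the report's DNS Queries table (subset).
# Columns: timestamp | trans id | name | type
QUERIES = """\
03:29:06.577007055 | 0xd10a | dyna.wikimedia.org | A
03:29:06.577382088 | 0x1ad7 | star-mini.c10r.facebook.com | A
03:29:06.591516018 | 0x8b32 | www.reddit.com | A
03:29:13.304687977 | 0xa688 | push.services.mozilla.com | AAAA
03:29:44.925595999 | 0xf499 | telemetry-incoming.r53-2.services.mozilla.com | AAAA
03:30:14.965080023 | 0x64f2 | detectportal.firefox.com | A
"""

# Assumption (not from the report): suffixes of Firefox's own update,
# telemetry, push, captive-portal and remote-settings infrastructure.
BACKGROUND_SUFFIXES = (
    ".mozilla.com", ".mozilla.org", ".mozilla.net", ".firefox.com",
    ".mozgcp.net", ".mozaws.net", ".getpocket.com",
)


@dataclass
class Resolution:
    name: str                      # name in the first row of the transaction
    rtype: str                     # record type of the last row seen
    chain: list = field(default_factory=list)      # CNAME targets, answer order
    addresses: list = field(default_factory=list)  # terminal A/AAAA addresses

    @property
    def nodata(self) -> bool:
        """NOERROR reply with no address record (e.g. AAAA for a v4-only name)."""
        return not self.addresses


def parse_rows(text: str):
    """Split pipe-delimited rows into stripped field lists, skipping blank lines."""
    return [[f.strip() for f in line.split("|")]
            for line in text.splitlines() if line.strip()]


def resolve_by_transaction(answer_text: str) -> "OrderedDict[str, Resolution]":
    """Group answer rows by transaction ID and collapse each into one Resolution.

    Keying on the transaction ID keeps CNAME hops and the final address together
    even when the report omits a hop (0x5f6d above never shows the
    detectportal.prod.mozaws.net -> prod.detectportal... CNAME).
    """
    by_txn: "OrderedDict[str, Resolution]" = OrderedDict()
    for _ts, txn, name, cname, addr, rtype in parse_rows(answer_text):
        res = by_txn.get(txn)
        if res is None:
            res = by_txn[txn] = Resolution(name=name, rtype=rtype)
        res.rtype = rtype
        if cname:
            res.chain.append(cname)
        if addr:
            res.addresses.append(addr)
    return by_txn


def classify_queries(query_text: str):
    """Return (background, review): unique queried names, split by suffix list."""
    background, review = [], []
    for _ts, _txn, name, _rtype in parse_rows(query_text):
        bucket = background if name.endswith(BACKGROUND_SUFFIXES) else review
        if name not in bucket:
            bucket.append(name)
    return background, review


if __name__ == "__main__":
    for txn, r in resolve_by_transaction(ANSWERS).items():
        hops = " -> ".join([r.name] + r.chain)
        print(f"{txn}: {hops} => {r.addresses or 'NODATA'} ({r.rtype})")
    bg, rv = classify_queries(QUERIES)
    print("background:", bg)
    print("review:", rv)
```

The review bucket is the short list to compare against the sample's process tree and network connections; the background bucket is what the sandbox's Firefox would generate with no sample running, so a suffix list like this one should be calibrated once against a clean run of the same image before it is trusted for triage.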
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Nov 20, 2024 03:28:46.438488960 CET | 1.1.1.1 | 192.168.2.4 | 0x2644 | No error (0) | prod.classify-client.prod.webservices.mozgcp.net | | 35.190.72.216 | A (IP address) | IN (0x0001) | false
Nov 20, 2024 03:28:46.449781895 CET | 1.1.1.1 | 192.168.2.4 | 0xd7b5 | No error (0) | prod.classify-client.prod.webservices.mozgcp.net | | 35.190.72.216 | A (IP address) | IN (0x0001) | false
Nov 20, 2024 03:28:48.718369961 CET | 1.1.1.1 | 192.168.2.4 | 0x5f6d | No error (0) | detectportal.firefox.com | detectportal.prod.mozaws.net | | CNAME (Canonical name) | IN (0x0001) | false
Nov 20, 2024 03:28:48.718369961 CET | 1.1.1.1 | 192.168.2.4 | 0x5f6d | No error (0) | prod.detectportal.prod.cloudops.mozgcp.net | | 34.107.221.82 | A (IP address) | IN (0x0001) | false
Nov 20, 2024 03:28:48.726244926 CET | 1.1.1.1 | 192.168.2.4 | 0xf9c4 | No error (0) | youtube.com | | 142.250.185.206 | A (IP address) | IN (0x0001) | false
Nov 20, 2024 03:28:48.726914883 CET | 1.1.1.1 | 192.168.2.4 | 0xd98a | No error (0) | prod.detectportal.prod.cloudops.mozgcp.net | | 34.107.221.82 | A (IP address) | IN (0x0001) | false
Nov 20, 2024 03:28:48.735357046 CET | 1.1.1.1 | 192.168.2.4 | 0xd63b | No error (0) | youtube.com | | 216.58.206.46 | A (IP address) | IN (0x0001) | false
Nov 20, 2024 03:28:48.737385988 CET | 1.1.1.1 | 192.168.2.4 | 0x974e | No error (0) | prod.detectportal.prod.cloudops.mozgcp.net | | | AAAA (IPv6 address) | IN (0x0001) | false
Nov 20, 2024 03:28:48.746876001 CET | 1.1.1.1 | 192.168.2.4 | 0xc765 | No error (0) | youtube.com | | | AAAA (IPv6 address) | IN (0x0001) | false
Nov 20, 2024 03:28:49.163116932 CET | 1.1.1.1 | 192.168.2.4 | 0x3fec | No error (0) | contile.services.mozilla.com | | 34.117.188.166 | A (IP address) | IN (0x0001) | false
Nov 20, 2024 03:28:49.171883106 CET | 1.1.1.1 | 192.168.2.4 | 0x737a | No error (0) | contile.services.mozilla.com | | 34.117.188.166 | A (IP address) | IN (0x0001) | false
Nov 20, 2024 03:28:49.206274986 CET | 1.1.1.1 | 192.168.2.4 | 0xd1bb | No error (0) | spocs.getpocket.com | prod.ads.prod.webservices.mozgcp.net | | CNAME (Canonical name) | IN (0x0001) | false
Nov 20, 2024 03:28:49.206274986 CET | 1.1.1.1 | 192.168.2.4 | 0xd1bb | No error (0) | prod.ads.prod.webservices.mozgcp.net | | 34.117.188.166 | A (IP address) | IN (0x0001) | false
Nov 20, 2024 03:28:49.211668968 CET | 1.1.1.1 | 192.168.2.4 | 0xd3d5 | No error (0) | balrog-aus5.r53-2.services.mozilla.com | prod.balrog.prod.cloudops.mozgcp.net | | CNAME (Canonical name) | IN (0x0001) | false
Nov 20, 2024 03:28:49.211668968 CET | 1.1.1.1 | 192.168.2.4 | 0xd3d5 | No error (0) | prod.balrog.prod.cloudops.mozgcp.net | | 35.244.181.201 | A (IP address) | IN (0x0001) | false
Nov 20, 2024 03:28:49.220385075 CET | 1.1.1.1 | 192.168.2.4 | 0xe7fc | No error (0) | prod.ads.prod.webservices.mozgcp.net | | 34.117.188.166 | A (IP address) | IN (0x0001) | false
Nov 20, 2024 03:28:49.222266912 CET | 1.1.1.1 | 192.168.2.4 | 0x1f81 | No error (0) | prod.balrog.prod.cloudops.mozgcp.net | | 35.244.181.201 | A (IP address) | IN (0x0001) | false
Nov 20, 2024 03:28:49.353543043 CET | 1.1.1.1 | 192.168.2.4 | 0x1204 | No error (0) | content-signature-2.cdn.mozilla.net | content-signature-chains.prod.autograph.services.mozaws.net | | CNAME (Canonical name) | IN (0x0001) | false
Nov 20, 2024 03:28:49.353543043 CET | 1.1.1.1 | 192.168.2.4 | 0x1204 | No error (0) | content-signature-chains.prod.autograph.services.mozaws.net | prod.content-signature-chains.prod.webservices.mozgcp.net | | CNAME (Canonical name) | IN (0x0001) | false
Nov 20, 2024 03:28:49.353543043 CET | 1.1.1.1 | 192.168.2.4 | 0x1204 | No error (0) | prod.content-signature-chains.prod.webservices.mozgcp.net | | 34.160.144.191 | A (IP address) | IN (0x0001) | false
Nov 20, 2024 03:28:49.361706018 CET | 1.1.1.1 | 192.168.2.4 | 0x9cdb | No error (0) | prod.content-signature-chains.prod.webservices.mozgcp.net | | 34.160.144.191 | A (IP address) | IN (0x0001) | false
Nov 20, 2024 03:28:49.369230986 CET | 1.1.1.1 | 192.168.2.4 | 0xdc23 | No error (0) | prod.content-signature-chains.prod.webservices.mozgcp.net | | | AAAA (IPv6 address) | IN (0x0001) | false
Nov 20, 2024 03:28:49.394599915 CET | 1.1.1.1 | 192.168.2.4 | 0x6e3 | No error (0) | example.org | | 93.184.215.14 | A (IP address) | IN (0x0001) | false
Nov 20, 2024 03:28:49.394978046 CET | 1.1.1.1 | 192.168.2.4 | 0xaa9d | No error (0) | ipv4only.arpa | | 192.0.0.171 | A (IP address) | IN (0x0001) | false
Nov 20, 2024 03:28:49.394978046 CET | 1.1.1.1 | 192.168.2.4 | 0xaa9d | No error (0) | ipv4only.arpa | | 192.0.0.170 | A (IP address) | IN (0x0001) | false
Nov 20, 2024 03:28:49.403934002 CET | 1.1.1.1 | 192.168.2.4 | 0x920d | No error (0) | detectportal.firefox.com | detectportal.prod.mozaws.net | | CNAME (Canonical name) | IN (0x0001) | false
Nov 20, 2024 03:28:49.403934002 CET | 1.1.1.1 | 192.168.2.4 | 0x920d | No error (0) | prod.detectportal.prod.cloudops.mozgcp.net | | 34.107.221.82 | A (IP address) | IN (0x0001) | false
Nov 20, 2024 03:28:51.161113977 CET | 1.1.1.1 | 192.168.2.4 | 0x277d | No error (0) | push.services.mozilla.com | | 34.107.243.93 | A (IP address) | IN (0x0001) | false
Nov 20, 2024 03:28:51.169835091 CET | 1.1.1.1 | 192.168.2.4 | 0x1f05 | No error (0) | push.services.mozilla.com | | 34.107.243.93 | A (IP address) | IN (0x0001) | false
Nov 20, 2024 03:28:55.386898041 CET | 1.1.1.1 | 192.168.2.4 | 0x3c5c | No error (0) | support.mozilla.org | prod.sumo.prod.webservices.mozgcp.net | | CNAME (Canonical name) | IN (0x0001) | false
Nov 20, 2024 03:28:55.386898041 CET | 1.1.1.1 | 192.168.2.4 | 0x3c5c | No error (0) | prod.sumo.prod.webservices.mozgcp.net | us-west1.prod.sumo.prod.webservices.mozgcp.net | | CNAME (Canonical name) | IN (0x0001) | false
Nov 20, 2024 03:28:55.386898041 CET | 1.1.1.1 | 192.168.2.4 | 0x3c5c | No error (0) | us-west1.prod.sumo.prod.webservices.mozgcp.net | | 34.149.128.2 | A (IP address) | IN (0x0001) | false
Nov 20, 2024 03:28:55.394898891 CET | 1.1.1.1 | 192.168.2.4 | 0x8d18 | No error (0) | us-west1.prod.sumo.prod.webservices.mozgcp.net | | 34.149.128.2 | A (IP address) | IN (0x0001) | false
Nov 20, 2024 03:28:55.411569118 CET | 1.1.1.1 | 192.168.2.4 | 0xcff0 | No error (0) | telemetry-incoming.r53-2.services.mozilla.com | | 34.120.208.123 | A (IP address) | IN (0x0001) | false
Nov 20, 2024 03:28:55.419833899 CET | 1.1.1.1 | 192.168.2.4 | 0x5dd1 | No error (0) | telemetry-incoming.r53-2.services.mozilla.com | | 34.120.208.123 | A (IP address) | IN (0x0001) | false
Nov 20, 2024 03:28:55.423645020 CET | 1.1.1.1 | 192.168.2.4 | 0xabf | No error (0) | detectportal.firefox.com | detectportal.prod.mozaws.net | | CNAME (Canonical name) | IN (0x0001) | false
Nov 20, 2024 03:28:55.423645020 CET | 1.1.1.1 | 192.168.2.4 | 0xabf | No error (0) | prod.detectportal.prod.cloudops.mozgcp.net | | 34.107.221.82 | A (IP address) | IN (0x0001) | false
Nov 20, 2024 03:28:55.426131964 CET | 1.1.1.1 | 192.168.2.4 | 0x4003 | No error (0) | firefox.settings.services.mozilla.com | prod.remote-settings.prod.webservices.mozgcp.net | | CNAME (Canonical name) | IN (0x0001) | false
Nov 20, 2024 03:28:55.426131964 CET | 1.1.1.1 | 192.168.2.4 | 0x4003 | No error (0) | prod.remote-settings.prod.webservices.mozgcp.net | | 34.149.100.209 | A (IP address) | IN (0x0001) | false
Nov 20, 2024 03:28:55.438081026 CET | 1.1.1.1 | 192.168.2.4 | 0x7b21 | No error (0) | prod.remote-settings.prod.webservices.mozgcp.net | | 34.149.100.209 | A (IP address) | IN (0x0001) | false
Nov 20, 2024 03:28:55.505605936 CET | 1.1.1.1 | 192.168.2.4 | 0xe740 | No error (0) | balrog-aus5.r53-2.services.mozilla.com | prod.balrog.prod.cloudops.mozgcp.net | | CNAME (Canonical name) | IN (0x0001) | false
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:28:55.505605936 CET1.1.1.1192.168.2.40xe740No error (0)prod.balrog.prod.cloudops.mozgcp.net35.244.181.201A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:00.292309046 CET1.1.1.1192.168.2.40x3c15No error (0)telemetry-incoming.r53-2.services.mozilla.com34.120.208.123A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:06.575938940 CET1.1.1.1192.168.2.40xc4abNo error (0)www.youtube.comyoutube-ui.l.google.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:06.575938940 CET1.1.1.1192.168.2.40xc4abNo error (0)youtube-ui.l.google.com142.250.185.78A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:06.575938940 CET1.1.1.1192.168.2.40xc4abNo error (0)youtube-ui.l.google.com142.250.185.238A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:06.575938940 CET1.1.1.1192.168.2.40xc4abNo error (0)youtube-ui.l.google.com216.58.212.174A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:06.575938940 CET1.1.1.1192.168.2.40xc4abNo error (0)youtube-ui.l.google.com142.250.184.238A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:06.575938940 CET1.1.1.1192.168.2.40xc4abNo error (0)youtube-ui.l.google.com142.250.185.142A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:06.575938940 CET1.1.1.1192.168.2.40xc4abNo error (0)youtube-ui.l.google.com172.217.16.206A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:06.575938940 CET1.1.1.1192.168.2.40xc4abNo error (0)youtube-ui.l.google.com142.250.181.238A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:06.575938940 CET1.1.1.1192.168.2.40xc4abNo error (0)youtube-ui.l.google.com142.250.186.110A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:06.575938940 CET1.1.1.1192.168.2.40xc4abNo error (0)youtube-ui.l.google.com142.250.185.110A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:06.575938940 CET1.1.1.1192.168.2.40xc4abNo error (0)youtube-ui.l.google.com142.250.185.206A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:06.575938940 CET1.1.1.1192.168.2.40xc4abNo error (0)youtube-ui.l.google.com216.58.206.78A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:06.575938940 CET1.1.1.1192.168.2.40xc4abNo error (0)youtube-ui.l.google.com142.250.186.78A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:06.575938940 CET1.1.1.1192.168.2.40xc4abNo error (0)youtube-ui.l.google.com142.250.186.174A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:06.575938940 CET1.1.1.1192.168.2.40xc4abNo error (0)youtube-ui.l.google.com142.250.184.206A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:06.575938940 CET1.1.1.1192.168.2.40xc4abNo error (0)youtube-ui.l.google.com172.217.18.14A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:06.575938940 CET1.1.1.1192.168.2.40xc4abNo error (0)youtube-ui.l.google.com142.250.185.174A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:06.576288939 CET1.1.1.1192.168.2.40x7004No error (0)www.wikipedia.orgdyna.wikimedia.orgCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:06.576288939 CET1.1.1.1192.168.2.40x7004No error (0)dyna.wikimedia.org185.15.59.224A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:06.576327085 CET1.1.1.1192.168.2.40xfd29No error (0)www.facebook.comstar-mini.c10r.facebook.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:06.576327085 CET1.1.1.1192.168.2.40xfd29No error (0)star-mini.c10r.facebook.com157.240.252.35A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:06.583740950 CET1.1.1.1192.168.2.40x4153No error (0)youtube-ui.l.google.com142.250.186.46A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:06.583740950 CET1.1.1.1192.168.2.40x4153No error (0)youtube-ui.l.google.com172.217.18.14A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:06.583740950 CET1.1.1.1192.168.2.40x4153No error (0)youtube-ui.l.google.com172.217.18.110A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:06.583740950 CET1.1.1.1192.168.2.40x4153No error (0)youtube-ui.l.google.com172.217.16.142A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:06.583740950 CET1.1.1.1192.168.2.40x4153No error (0)youtube-ui.l.google.com142.250.186.110A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:06.583740950 CET1.1.1.1192.168.2.40x4153No error (0)youtube-ui.l.google.com142.250.185.206A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:06.583740950 CET1.1.1.1192.168.2.40x4153No error (0)youtube-ui.l.google.com142.250.186.78A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:06.583740950 CET1.1.1.1192.168.2.40x4153No error (0)youtube-ui.l.google.com142.250.186.142A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:06.583740950 CET1.1.1.1192.168.2.40x4153No error (0)youtube-ui.l.google.com216.58.206.46A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:06.583740950 CET1.1.1.1192.168.2.40x4153No error (0)youtube-ui.l.google.com142.250.184.206A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:06.583740950 CET1.1.1.1192.168.2.40x4153No error (0)youtube-ui.l.google.com142.250.185.238A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:06.583740950 CET1.1.1.1192.168.2.40x4153No error (0)youtube-ui.l.google.com172.217.16.206A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:06.583740950 CET1.1.1.1192.168.2.40x4153No error (0)youtube-ui.l.google.com142.250.184.238A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:06.583740950 CET1.1.1.1192.168.2.40x4153No error (0)youtube-ui.l.google.com142.250.181.238A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:06.583740950 CET1.1.1.1192.168.2.40x4153No error (0)youtube-ui.l.google.com142.250.74.206A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:06.583740950 CET1.1.1.1192.168.2.40x4153No error (0)youtube-ui.l.google.com142.250.186.174A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:06.584145069 CET1.1.1.1192.168.2.40xd10aNo error (0)dyna.wikimedia.org185.15.59.224A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:06.584178925 CET1.1.1.1192.168.2.40x1ad7No error (0)star-mini.c10r.facebook.com157.240.0.35A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:06.590986013 CET1.1.1.1192.168.2.40x642aNo error (0)youtube-ui.l.google.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:06.590986013 CET1.1.1.1192.168.2.40x642aNo error (0)youtube-ui.l.google.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:06.590986013 CET1.1.1.1192.168.2.40x642aNo error (0)youtube-ui.l.google.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:06.590986013 CET1.1.1.1192.168.2.40x642aNo error (0)youtube-ui.l.google.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:06.591434956 CET1.1.1.1192.168.2.40xc498No error (0)star-mini.c10r.facebook.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:06.591959000 CET1.1.1.1192.168.2.40xc055No error (0)dyna.wikimedia.org28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:06.598557949 CET1.1.1.1192.168.2.40x8b32No error (0)www.reddit.comreddit.map.fastly.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:06.598557949 CET1.1.1.1192.168.2.40x8b32No error (0)reddit.map.fastly.net151.101.65.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:06.598557949 CET1.1.1.1192.168.2.40x8b32No error (0)reddit.map.fastly.net151.101.193.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:06.598557949 CET1.1.1.1192.168.2.40x8b32No error (0)reddit.map.fastly.net151.101.1.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:06.598557949 CET1.1.1.1192.168.2.40x8b32No error (0)reddit.map.fastly.net151.101.129.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:06.598640919 CET1.1.1.1192.168.2.40x5c93No error (0)twitter.com104.244.42.193A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:06.605757952 CET1.1.1.1192.168.2.40x55b3No error (0)twitter.com104.244.42.65A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:06.606098890 CET1.1.1.1192.168.2.40xe037No error (0)reddit.map.fastly.net151.101.1.140A (IP address)IN (0x0001)false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Type | Class | DNS over HTTPS
Nov 20, 2024 03:29:06.606098890 CET | 1.1.1.1 | 192.168.2.4 | 0xe037 | No error (0) | reddit.map.fastly.net | 151.101.129.140 | A (IP address) | IN (0x0001) | false
Nov 20, 2024 03:29:06.606098890 CET | 1.1.1.1 | 192.168.2.4 | 0xe037 | No error (0) | reddit.map.fastly.net | 151.101.193.140 | A (IP address) | IN (0x0001) | false
Nov 20, 2024 03:29:06.606098890 CET | 1.1.1.1 | 192.168.2.4 | 0xe037 | No error (0) | reddit.map.fastly.net | 151.101.65.140 | A (IP address) | IN (0x0001) | false
Nov 20, 2024 03:29:15.140125036 CET | 1.1.1.1 | 192.168.2.4 | 0x87ce | No error (0) | balrog-aus5.r53-2.services.mozilla.com | prod.balrog.prod.cloudops.mozgcp.net | CNAME (Canonical name) | IN (0x0001) | false
Nov 20, 2024 03:29:15.140125036 CET | 1.1.1.1 | 192.168.2.4 | 0x87ce | No error (0) | prod.balrog.prod.cloudops.mozgcp.net | 35.244.181.201 | A (IP address) | IN (0x0001) | false
Nov 20, 2024 03:29:15.165783882 CET | 1.1.1.1 | 192.168.2.4 | 0x8951 | No error (0) | services.addons.mozilla.org | 151.101.1.91 | A (IP address) | IN (0x0001) | false
Nov 20, 2024 03:29:15.165783882 CET | 1.1.1.1 | 192.168.2.4 | 0x8951 | No error (0) | services.addons.mozilla.org | 151.101.129.91 | A (IP address) | IN (0x0001) | false
Nov 20, 2024 03:29:15.165783882 CET | 1.1.1.1 | 192.168.2.4 | 0x8951 | No error (0) | services.addons.mozilla.org | 151.101.65.91 | A (IP address) | IN (0x0001) | false
Nov 20, 2024 03:29:15.165783882 CET | 1.1.1.1 | 192.168.2.4 | 0x8951 | No error (0) | services.addons.mozilla.org | 151.101.193.91 | A (IP address) | IN (0x0001) | false
Nov 20, 2024 03:29:15.176529884 CET | 1.1.1.1 | 192.168.2.4 | 0x45dd | No error (0) | services.addons.mozilla.org | 151.101.129.91 | A (IP address) | IN (0x0001) | false
Nov 20, 2024 03:29:15.176529884 CET | 1.1.1.1 | 192.168.2.4 | 0x45dd | No error (0) | services.addons.mozilla.org | 151.101.193.91 | A (IP address) | IN (0x0001) | false
Nov 20, 2024 03:29:15.176529884 CET | 1.1.1.1 | 192.168.2.4 | 0x45dd | No error (0) | services.addons.mozilla.org | 151.101.1.91 | A (IP address) | IN (0x0001) | false
Nov 20, 2024 03:29:15.176529884 CET | 1.1.1.1 | 192.168.2.4 | 0x45dd | No error (0) | services.addons.mozilla.org | 151.101.65.91 | A (IP address) | IN (0x0001) | false
Nov 20, 2024 03:29:15.184499025 CET | 1.1.1.1 | 192.168.2.4 | 0x45ad | No error (0) | services.addons.mozilla.org | | 28 | IN (0x0001) | false
Nov 20, 2024 03:29:15.184499025 CET | 1.1.1.1 | 192.168.2.4 | 0x45ad | No error (0) | services.addons.mozilla.org | | 28 | IN (0x0001) | false
Nov 20, 2024 03:29:15.184499025 CET | 1.1.1.1 | 192.168.2.4 | 0x45ad | No error (0) | services.addons.mozilla.org | | 28 | IN (0x0001) | false
Nov 20, 2024 03:29:15.184499025 CET | 1.1.1.1 | 192.168.2.4 | 0x45ad | No error (0) | services.addons.mozilla.org | | 28 | IN (0x0001) | false
Nov 20, 2024 03:29:15.208295107 CET | 1.1.1.1 | 192.168.2.4 | 0xbefc | No error (0) | normandy.cdn.mozilla.net | normandy-cdn.services.mozilla.com | CNAME (Canonical name) | IN (0x0001) | false
Nov 20, 2024 03:29:15.208295107 CET | 1.1.1.1 | 192.168.2.4 | 0xbefc | No error (0) | normandy-cdn.services.mozilla.com | 35.201.103.21 | A (IP address) | IN (0x0001) | false
Nov 20, 2024 03:29:15.224663973 CET | 1.1.1.1 | 192.168.2.4 | 0x14c2 | No error (0) | normandy-cdn.services.mozilla.com | 35.201.103.21 | A (IP address) | IN (0x0001) | false
Nov 20, 2024 03:29:16.188425064 CET | 1.1.1.1 | 192.168.2.4 | 0xa2b3 | No error (0) | a21ed24aedde648804e7-228765c84088fef4ff5e70f2710398e9.r17.cf1.rackcdn.com | a17.rackcdn.com | CNAME (Canonical name) | IN (0x0001) | false
Nov 20, 2024 03:29:16.188425064 CET | 1.1.1.1 | 192.168.2.4 | 0xa2b3 | No error (0) | a17.rackcdn.com | a17.rackcdn.com.mdc.edgesuite.net | CNAME (Canonical name) | IN (0x0001) | false
Nov 20, 2024 03:29:33.940562963 CET | 1.1.1.1 | 192.168.2.4 | 0xf9c2 | No error (0) | push.services.mozilla.com | 34.107.243.93 | A (IP address) | IN (0x0001) | false
Nov 20, 2024 03:29:44.924278021 CET | 1.1.1.1 | 192.168.2.4 | 0xc39c | No error (0) | telemetry-incoming.r53-2.services.mozilla.com | 34.120.208.123 | A (IP address) | IN (0x0001) | false
Nov 20, 2024 03:30:14.972059011 CET | 1.1.1.1 | 192.168.2.4 | 0x64f2 | No error (0) | detectportal.firefox.com | detectportal.prod.mozaws.net | CNAME (Canonical name) | IN (0x0001) | false
Nov 20, 2024 03:30:14.972059011 CET | 1.1.1.1 | 192.168.2.4 | 0x64f2 | No error (0) | prod.detectportal.prod.cloudops.mozgcp.net | 34.107.221.82 | A (IP address) | IN (0x0001) | false
Nov 20, 2024 03:31:35.089692116 CET | 1.1.1.1 | 192.168.2.4 | 0xb8a | No error (0) | push.services.mozilla.com | 34.107.243.93 | A (IP address) | IN (0x0001) | false
Nov 20, 2024 03:31:35.098086119 CET | 1.1.1.1 | 192.168.2.4 | 0x57c4 | No error (0) | push.services.mozilla.com | 34.107.243.93 | A (IP address) | IN (0x0001) | false
Nov 20, 2024 03:31:35.578718901 CET | 1.1.1.1 | 192.168.2.4 | 0xf816 | No error (0) | detectportal.firefox.com | detectportal.prod.mozaws.net | CNAME (Canonical name) | IN (0x0001) | false
Nov 20, 2024 03:31:35.578718901 CET | 1.1.1.1 | 192.168.2.4 | 0xf816 | No error (0) | prod.detectportal.prod.cloudops.mozgcp.net | 34.107.221.82 | A (IP address) | IN (0x0001) | false
Nov 20, 2024 03:31:45.852081060 CET | 1.1.1.1 | 192.168.2.4 | 0x17cf | No error (0) | telemetry-incoming.r53-2.services.mozilla.com | 34.120.208.123 | A (IP address) | IN (0x0001) | false
• detectportal.firefox.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49739 | 34.107.221.82 | 80 | 7892 | C:\Program Files\Mozilla Firefox\firefox.exe
Timestamp | Bytes transferred | Direction | Data
Nov 20, 2024 03:28:48.832942963 CET | 303 | OUT | GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Nov 20, 2024 03:28:49.282386065 CET | 298 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Tue, 19 Nov 2024 06:24:54 GMT
Age: 72235
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 49745 | 34.107.221.82 | 80 | 7892 | C:\Program Files\Mozilla Firefox\firefox.exe
Timestamp | Bytes transferred | Direction | Data
Nov 20, 2024 03:28:49.411859989 CET | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Nov 20, 2024 03:28:49.860785961 CET | 216 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Tue, 19 Nov 2024 08:23:05 GMT
Age: 65144
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.4 | 49751 | 34.107.221.82 | 80 | 7892 | C:\Program Files\Mozilla Firefox\firefox.exe
Timestamp | Bytes transferred | Direction | Data
Nov 20, 2024 03:28:49.833560944 CET | 303 | OUT | GET /canonical.html HTTP/1.1
    Host: detectportal.firefox.com
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
    Accept: */*
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Cache-Control: no-cache
    Pragma: no-cache
    Connection: keep-alive
Nov 20, 2024 03:28:50.278620005 CET | 298 | IN | HTTP/1.1 200 OK
    Server: nginx
    Content-Length: 90
    Via: 1.1 google
    Date: Tue, 19 Nov 2024 03:42:13 GMT
    Age: 81997
    Content-Type: text/html
    Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
    Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
    Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Nov 20, 2024 03:28:51.136662960 CET | 303 | OUT | GET /canonical.html HTTP/1.1
    Host: detectportal.firefox.com
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
    Accept: */*
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Cache-Control: no-cache
    Pragma: no-cache
    Connection: keep-alive
Nov 20, 2024 03:28:51.231564999 CET | 298 | IN | HTTP/1.1 200 OK
    Server: nginx
    Content-Length: 90
    Via: 1.1 google
    Date: Tue, 19 Nov 2024 03:42:13 GMT
    Age: 81998
    Content-Type: text/html
    Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
    Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
    Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Nov 20, 2024 03:28:55.416167974 CET | 303 | OUT | GET /canonical.html HTTP/1.1
    Host: detectportal.firefox.com
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
    Accept: */*
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Cache-Control: no-cache
    Pragma: no-cache
    Connection: keep-alive
Nov 20, 2024 03:28:55.511084080 CET | 298 | IN | HTTP/1.1 200 OK
    Server: nginx
    Content-Length: 90
    Via: 1.1 google
    Date: Tue, 19 Nov 2024 03:42:13 GMT
    Age: 82002
    Content-Type: text/html
    Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
    Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
    Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Nov 20, 2024 03:29:00.283396959 CET | 303 | OUT | GET /canonical.html HTTP/1.1
    Host: detectportal.firefox.com
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
    Accept: */*
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Cache-Control: no-cache
    Pragma: no-cache
    Connection: keep-alive
Nov 20, 2024 03:29:00.378669977 CET | 298 | IN | HTTP/1.1 200 OK
    Server: nginx
    Content-Length: 90
    Via: 1.1 google
    Date: Tue, 19 Nov 2024 03:42:13 GMT
    Age: 82007
    Content-Type: text/html
    Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
    Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
    Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:01.231355906 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                      Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:01.326164007 CET298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                                                      Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                                      Date: Tue, 19 Nov 2024 03:42:13 GMT
                                                                                                                                                                                                                                                                                                                                                                                      Age: 82008
                                                                                                                                                                                                                                                                                                                                                                                      Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                                      Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:02.228235006 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                      Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:02.323281050 CET298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                                                      Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                                      Date: Tue, 19 Nov 2024 03:42:13 GMT
                                                                                                                                                                                                                                                                                                                                                                                      Age: 82009
                                                                                                                                                                                                                                                                                                                                                                                      Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                                      Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:04.162897110 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                      Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:04.257899046 CET298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                                                      Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                                      Date: Tue, 19 Nov 2024 03:42:13 GMT
                                                                                                                                                                                                                                                                                                                                                                                      Age: 82011
                                                                                                                                                                                                                                                                                                                                                                                      Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                                      Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:13.791716099 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                      Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                      Connection: keep-alive
Nov 20, 2024 03:29:13.887984991 CET  298  IN  HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Tue, 19 Nov 2024 03:42:13 GMT
Age: 82020
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Nov 20, 2024 03:29:15.638998985 CET  303  OUT  GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Nov 20, 2024 03:29:15.733664989 CET  298  IN  HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Tue, 19 Nov 2024 03:42:13 GMT
Age: 82022
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Nov 20, 2024 03:29:16.168361902 CET  303  OUT  GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Nov 20, 2024 03:29:16.263895988 CET  298  IN  HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Tue, 19 Nov 2024 03:42:13 GMT
Age: 82023
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Nov 20, 2024 03:29:26.271838903 CET  6  OUT  Data Raw: 00
Data Ascii:
Nov 20, 2024 03:29:34.428165913 CET  303  OUT  GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Nov 20, 2024 03:29:34.524914026 CET  298  IN  HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Tue, 19 Nov 2024 03:42:13 GMT
Age: 82041
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Nov 20, 2024 03:29:44.532855034 CET  6  OUT  Data Raw: 00
Data Ascii:
Nov 20, 2024 03:29:45.403459072 CET  303  OUT  GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Nov 20, 2024 03:29:45.498928070 CET  298  IN  HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Tue, 19 Nov 2024 03:42:13 GMT
Age: 82052
Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                                      Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:55.506609917 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii:
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:30:05.524256945 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii:
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:30:14.964869976 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                      Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:30:15.059712887 CET298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                                                      Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                                      Date: Tue, 19 Nov 2024 03:42:13 GMT
                                                                                                                                                                                                                                                                                                                                                                                      Age: 82082
                                                                                                                                                                                                                                                                                                                                                                                      Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                                      Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:30:25.080100060 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii:
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:30:35.086487055 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii:
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:30:45.099040985 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii:
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:30:55.110893965 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii:
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:31:05.124759912 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii:
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:31:15.139744043 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii:
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:31:35.571681023 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                      Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:31:35.666366100 CET298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                                                      Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                                      Date: Tue, 19 Nov 2024 03:42:13 GMT
                                                                                                                                                                                                                                                                                                                                                                                      Age: 82162
                                                                                                                                                                                                                                                                                                                                                                                      Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                                      Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:31:46.355534077 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                      Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                      Connection: keep-alive
Timestamp                            Bytes transferred  Direction  Data
Nov 20, 2024 03:31:46.451380014 CET  298                IN         HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Tue, 19 Nov 2024 03:42:13 GMT
Age: 82173
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
3           192.168.2.4  50940        34.107.221.82   80                7892  C:\Program Files\Mozilla Firefox\firefox.exe

Timestamp                            Bytes transferred  Direction  Data
Nov 20, 2024 03:28:51.010557890 CET  305                OUT        GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
4           192.168.2.4  50942        34.107.221.82   80                7892  C:\Program Files\Mozilla Firefox\firefox.exe

Timestamp                            Bytes transferred  Direction  Data
Nov 20, 2024 03:28:51.384684086 CET  305                OUT        GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

Nov 20, 2024 03:28:51.847378016 CET  216                IN         HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Tue, 19 Nov 2024 04:14:18 GMT
Age: 80073
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success

Nov 20, 2024 03:28:59.926810026 CET  305                OUT        GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

Nov 20, 2024 03:29:00.024468899 CET  216                IN         HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Tue, 19 Nov 2024 04:14:18 GMT
Age: 80081
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success

Nov 20, 2024 03:29:01.222791910 CET  305                OUT        GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

Nov 20, 2024 03:29:01.320758104 CET  216                IN         HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Tue, 19 Nov 2024 04:14:18 GMT
Age: 80083
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success

Nov 20, 2024 03:29:02.006402969 CET  305                OUT        GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:02.106720924 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                                                      Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                                      Date: Tue, 19 Nov 2024 04:14:18 GMT
                                                                                                                                                                                                                                                                                                                                                                                      Age: 80084
                                                                                                                                                                                                                                                                                                                                                                                      Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                                      Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:03.089802980 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                      Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:03.188360929 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                                                      Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                                      Date: Tue, 19 Nov 2024 04:14:18 GMT
                                                                                                                                                                                                                                                                                                                                                                                      Age: 80085
                                                                                                                                                                                                                                                                                                                                                                                      Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                                      Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:04.315521002 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                      Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:04.413470030 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                                                      Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                                      Date: Tue, 19 Nov 2024 04:14:18 GMT
                                                                                                                                                                                                                                                                                                                                                                                      Age: 80086
                                                                                                                                                                                                                                                                                                                                                                                      Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                                      Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:13.891360998 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                      Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:29:13.989304066 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                                                      Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                                      Date: Tue, 19 Nov 2024 04:14:18 GMT
                                                                                                                                                                                                                                                                                                                                                                                      Age: 80095
                                                                                                                                                                                                                                                                                                                                                                                      Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                                      Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Nov 20, 2024 03:29:15.736618042 CET  305  OUT  GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Nov 20, 2024 03:29:15.834364891 CET  216  IN  HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Tue, 19 Nov 2024 04:14:18 GMT
Age: 80097
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Nov 20, 2024 03:29:16.266849995 CET  305  OUT  GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Nov 20, 2024 03:29:16.364491940 CET  216  IN  HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Tue, 19 Nov 2024 04:14:18 GMT
Age: 80098
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Nov 20, 2024 03:29:26.372030973 CET  6  OUT  Data Raw: 00
Data Ascii:
Nov 20, 2024 03:29:34.528032064 CET  305  OUT  GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Nov 20, 2024 03:29:34.626249075 CET  216  IN  HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Tue, 19 Nov 2024 04:14:18 GMT
Age: 80116
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Nov 20, 2024 03:29:44.633222103 CET  6  OUT  Data Raw: 00
Data Ascii:
Nov 20, 2024 03:29:45.503998041 CET  305  OUT  GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Nov 20, 2024 03:29:45.601731062 CET  216  IN  HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Tue, 19 Nov 2024 04:14:18 GMT
Age: 80127
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Nov 20, 2024 03:29:55.606916904 CET  6  OUT  Data Raw: 00
Data Ascii:
Nov 20, 2024 03:30:05.624538898 CET  6  OUT  Data Raw: 00
Data Ascii:
Nov 20, 2024 03:30:15.062657118 CET  305  OUT  GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
                                                                                                                                                                                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:30:15.160799980 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                                                      Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                                      Date: Tue, 19 Nov 2024 04:14:18 GMT
                                                                                                                                                                                                                                                                                                                                                                                      Age: 80157
                                                                                                                                                                                                                                                                                                                                                                                      Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                                      Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:30:25.180306911 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii:
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:30:35.186832905 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii:
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:30:45.199014902 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii:
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:30:55.211307049 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii:
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:31:05.224987984 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii:
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:31:15.239718914 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii:
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:31:35.671952963 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                      Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:31:35.770001888 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                                                      Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                                      Date: Tue, 19 Nov 2024 04:14:18 GMT
                                                                                                                                                                                                                                                                                                                                                                                      Age: 80237
                                                                                                                                                                                                                                                                                                                                                                                      Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                                      Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:31:46.453957081 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                      Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                      Nov 20, 2024 03:31:46.551918030 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                                                      Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                                      Date: Tue, 19 Nov 2024 04:14:18 GMT
                                                                                                                                                                                                                                                                                                                                                                                      Age: 80248
                                                                                                                                                                                                                                                                                                                                                                                      Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                                      Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: success
Target ID:0
Start time:21:28:39
Start date:19/11/2024
Path:C:\Users\user\Desktop\file.exe
Wow64 process (32bit):true
Commandline:"C:\Users\user\Desktop\file.exe"
Imagebase:0x170000
File size:922'112 bytes
MD5 hash:5DDBDA8BAEF12CDD69941B253FEE8AEC
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:low
Has exited:true

Target ID:1
Start time:21:28:39
Start date:19/11/2024
Path:C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):true
Commandline:taskkill /F /IM firefox.exe /T
Imagebase:0x300000
File size:74'240 bytes
MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:2
Start time:21:28:39
Start date:19/11/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:3
Start time:21:28:42
Start date:19/11/2024
Path:C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):true
Commandline:taskkill /F /IM chrome.exe /T
Imagebase:0x300000
File size:74'240 bytes
MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:4
Start time:21:28:42
Start date:19/11/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:5
Start time:21:28:42
Start date:19/11/2024
Path:C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):true
Commandline:taskkill /F /IM msedge.exe /T
Imagebase:0x300000
File size:74'240 bytes
MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

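The three taskkill.exe launches above (firefox.exe, chrome.exe and msedge.exe, each with /F and /T, all within three seconds of the sample starting) are the observable behaviour behind the Credential Flusher verdict: the sample forcibly closes every major browser so the victim has to open one again and sign back in. Legitimate software almost never force-kills other vendors' browsers, so this sequence is a strong, cheap detection on process-creation telemetry. The Python below is an added example written for this page, not code from the report or the sample. It runs a sliding-window rule over constructed records shaped like Sysmon Event ID 1 (the times are taken from the report, the parent-child links and field names are assumptions) and flags any parent that force-kills two or more distinct browsers inside a 30-second window, while ignoring a single non-forced kill from an interactive shell.

```python
"""Flag a parent process that force-kills several browsers in a short window.

Added example modelled on the process tree in this report. The events below
are constructed to resemble Sysmon Event ID 1 (process creation) records;
ParentImage values, field names and the thresholds are assumptions.
"""
from __future__ import annotations

import shlex
from collections import defaultdict
from datetime import datetime, timedelta

BROWSER_IMAGES = {"firefox.exe", "chrome.exe", "msedge.exe", "iexplore.exe",
                  "opera.exe", "brave.exe"}

# Constructed sample events (start times copied from the report; parent links assumed).
EVENTS = [
    {"UtcTime": "2024-11-19 21:28:39", "Image": r"C:\Users\user\Desktop\file.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": r'"C:\Users\user\Desktop\file.exe"'},
    {"UtcTime": "2024-11-19 21:28:39", "Image": r"C:\Windows\SysWOW64\taskkill.exe",
     "ParentImage": r"C:\Users\user\Desktop\file.exe",
     "CommandLine": "taskkill /F /IM firefox.exe /T"},
    {"UtcTime": "2024-11-19 21:28:42", "Image": r"C:\Windows\SysWOW64\taskkill.exe",
     "ParentImage": r"C:\Users\user\Desktop\file.exe",
     "CommandLine": "taskkill /F /IM chrome.exe /T"},
    {"UtcTime": "2024-11-19 21:28:42", "Image": r"C:\Windows\SysWOW64\taskkill.exe",
     "ParentImage": r"C:\Users\user\Desktop\file.exe",
     "CommandLine": "taskkill /F /IM msedge.exe /T"},
    # Benign control: an admin closes one hung browser, without /F, from a shell.
    {"UtcTime": "2024-11-19 21:30:00", "Image": r"C:\Windows\System32\taskkill.exe",
     "ParentImage": r"C:\Windows\System32\cmd.exe",
     "CommandLine": "taskkill /IM chrome.exe"},
]


def parse_taskkill(cmdline: str) -> tuple[set[str], bool]:
    """Return (image names given via /IM, whether /F was present).

    Anything that is not a taskkill invocation yields (set(), False).
    """
    try:
        # posix=False keeps Windows paths and quoting intact (no backslash escapes).
        args = shlex.split(cmdline, posix=False)
    except ValueError:
        return set(), False
    if not args:
        return set(), False
    head = args[0].strip('"').lower().rsplit("\\", 1)[-1]
    if head not in ("taskkill", "taskkill.exe"):
        return set(), False
    images: set[str] = set()
    force = False
    i = 1
    while i < len(args):
        a = args[i].lower()
        if a in ("/f", "-f"):
            force = True
        elif a in ("/im", "-im") and i + 1 < len(args):
            images.add(args[i + 1].strip('"').lower())
            i += 1
        i += 1
    return images, force


def detect_browser_flush(events, window=timedelta(seconds=30), min_browsers=2):
    """Return one finding per parent that force-kills >= min_browsers distinct
    browser images within `window`, sorted by first kill time."""
    by_parent: dict[str, list[tuple[datetime, set[str]]]] = defaultdict(list)
    for ev in events:
        if ev["Image"].lower().rsplit("\\", 1)[-1] != "taskkill.exe":
            continue
        images, force = parse_taskkill(ev["CommandLine"])
        browsers = images & BROWSER_IMAGES
        if force and browsers:
            ts = datetime.strptime(ev["UtcTime"], "%Y-%m-%d %H:%M:%S")
            by_parent[ev["ParentImage"]].append((ts, browsers))

    findings = []
    for parent, hits in by_parent.items():
        hits.sort(key=lambda h: h[0])
        for i, (t0, _) in enumerate(hits):
            seen: set[str] = set()
            for t, browsers in hits[i:]:
                if t - t0 > window:
                    break
                seen |= browsers
            if len(seen) >= min_browsers:
                findings.append({"parent": parent, "browsers": sorted(seen),
                                 "first_seen": t0.isoformat(sep=" ")})
                break  # one finding per parent is enough
    return findings


if __name__ == "__main__":
    for f in detect_browser_flush(EVENTS):
        print(f"{f['first_seen']} {f['parent']} force-killed {', '.join(f['browsers'])}")
```

The rule needs command-line capture (Sysmon Event ID 1 or Security 4688 with process command-line auditing enabled); without it only the taskkill.exe image name is visible and the browser targets are lost. The window and the two-browser threshold are tuning knobs: widen the window if the sample staggers its kills, and add other browser images if your estate uses them.
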
Target ID:6
Start time:21:28:42
Start date:19/11/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                                                                                                                                      Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                                                                                                                                                                      File size:862'208 bytes
                                                                                                                                                                                                                                                                                                                                                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                                      Reputation:high
                                                                                                                                                                                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                                                                                                                                                                                      Target ID:7
                                                                                                                                                                                                                                                                                                                                                                                      Start time:21:28:42
                                                                                                                                                                                                                                                                                                                                                                                      Start date:19/11/2024
                                                                                                                                                                                                                                                                                                                                                                                      Path:C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                                                                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                                                                                                      Commandline:taskkill /F /IM opera.exe /T
                                                                                                                                                                                                                                                                                                                                                                                      Imagebase:0x300000
                                                                                                                                                                                                                                                                                                                                                                                      File size:74'240 bytes
                                                                                                                                                                                                                                                                                                                                                                                      MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                                                                                                                                                                                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                                      Reputation:high
                                                                                                                                                                                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                                                                                                                                                                                      Target ID:8
                                                                                                                                                                                                                                                                                                                                                                                      Start time:21:28:42
                                                                                                                                                                                                                                                                                                                                                                                      Start date:19/11/2024
                                                                                                                                                                                                                                                                                                                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                                                                                                                                      Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                                                                                                                                                                      File size:862'208 bytes
                                                                                                                                                                                                                                                                                                                                                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                                      Reputation:high
                                                                                                                                                                                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                                                                                                                                                                                      Target ID:9
                                                                                                                                                                                                                                                                                                                                                                                      Start time:21:28:42
                                                                                                                                                                                                                                                                                                                                                                                      Start date:19/11/2024
                                                                                                                                                                                                                                                                                                                                                                                      Path:C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                                                                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                                                                                                      Commandline:taskkill /F /IM brave.exe /T
                                                                                                                                                                                                                                                                                                                                                                                      Imagebase:0x300000
                                                                                                                                                                                                                                                                                                                                                                                      File size:74'240 bytes
                                                                                                                                                                                                                                                                                                                                                                                      MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                                                                                                                                                                                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                                      Reputation:high
                                                                                                                                                                                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                                                                                                                                                                                      Target ID:10
                                                                                                                                                                                                                                                                                                                                                                                      Start time:21:28:42
                                                                                                                                                                                                                                                                                                                                                                                      Start date:19/11/2024
                                                                                                                                                                                                                                                                                                                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                                                                                                                                      Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                                                                                                                                                                      File size:862'208 bytes
                                                                                                                                                                                                                                                                                                                                                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                                      Reputation:high
                                                                                                                                                                                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                                                                                                                                                                                      Target ID:11
                                                                                                                                                                                                                                                                                                                                                                                      Start time:21:28:42
                                                                                                                                                                                                                                                                                                                                                                                      Start date:19/11/2024
                                                                                                                                                                                                                                                                                                                                                                                      Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                                                      Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
Imagebase:0x7ff6bf500000
File size:676'768 bytes
MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:12
Start time:21:28:43
Start date:19/11/2024
Path:C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking --attempting-deelevation
Imagebase:0x7ff6bf500000
File size:676'768 bytes
MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:13
Start time:21:28:43
Start date:19/11/2024
Path:C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
Imagebase:0x7ff6bf500000
File size:676'768 bytes
MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:false

Target ID:15
Start time:21:28:43
Start date:19/11/2024
Path:C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2296 -parentBuildID 20230927232528 -prefsHandle 2240 -prefMapHandle 2232 -prefsLen 25359 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e6cc69c0-1ab8-4949-9139-8146a8543006} 7892 "\\.\pipe\gecko-crash-server-pipe.7892" 1fefea6f510 socket
Imagebase:0x7ff6bf500000
File size:676'768 bytes
MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:false

Target ID:16
Start time:21:28:45
Start date:19/11/2024
Path:C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3636 -parentBuildID 20230927232528 -prefsHandle 3344 -prefMapHandle 3692 -prefsLen 26208 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cecf5438-3921-42a8-b85b-1ccda718867a} 7892 "\\.\pipe\gecko-crash-server-pipe.7892" 1fe8e5f4b10 rdd
Imagebase:0x7ff6bf500000
File size:676'768 bytes
MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:false

Target ID:18
Start time:21:28:54
Start date:19/11/2024
Path:C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4684 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 4984 -prefMapHandle 4988 -prefsLen 33185 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {40f98a07-c25a-448b-9186-f75ef4ee275c} 7892 "\\.\pipe\gecko-crash-server-pipe.7892" 1fefea73710 utility
Imagebase:0x7ff6bf500000
File size:676'768 bytes
MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:false

Target ID:20
Start time:21:28:59
Start date:19/11/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Execution Graph

Execution Coverage:2.2%
Dynamic/Decrypted Code Coverage:0%
Signature Coverage:6.8%
Total number of Nodes:1638
Total number of Limit Nodes:56
execution_graph
95732->95803 95734 18198b 95734->95731 95804 1901f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 95734->95804 95737 188727 95737->95739 95806 1901f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 95737->95806 95739->95668 95807 1faff9 95740->95807 95744 1faff9 217 API calls 95743->95744 95745 1fac0c 95744->95745 95746 1fac54 95745->95746 95747 17aceb 23 API calls 95745->95747 95746->95703 95747->95746 95749 17b567 39 API calls 95748->95749 95750 18f659 95749->95750 95751 1cf2dc Sleep 95750->95751 95752 18f661 timeGetTime 95750->95752 95753 17b567 39 API calls 95752->95753 95754 18f677 95753->95754 95754->95703 95756 177510 53 API calls 95755->95756 95757 1e5c6d 95756->95757 95962 1ddbbe lstrlenW 95757->95962 95759 1e5c77 95759->95703 95967 202ad8 95760->95967 95762 20159f 95762->95703 95764 177510 53 API calls 95763->95764 95765 1fa306 95764->95765 95977 1dd4dc CreateToolhelp32Snapshot Process32FirstW 95765->95977 95767 1fa315 95767->95703 95771 17ec76 messages 95768->95771 95769 18fddb 22 API calls 95769->95771 95770 1900a3 29 API calls pre_c_initialization 95770->95771 95771->95769 95771->95770 95772 1901f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent __Init_thread_footer 95771->95772 95773 1c4beb 95771->95773 95774 17fef7 95771->95774 95777 1c4600 95771->95777 95778 1c4b0b 95771->95778 95779 17a8c7 22 API calls 95771->95779 95785 190242 EnterCriticalSection LeaveCriticalSection LeaveCriticalSection WaitForSingleObjectEx EnterCriticalSection 95771->95785 95786 17ed9d messages 95771->95786 95787 17fbe3 95771->95787 95788 17a961 22 API calls 95771->95788 95791 17f3ae messages 95771->95791 95998 1801e0 348 API calls 2 library calls 95771->95998 95999 1806a0 41 API calls messages 95771->95999 95772->95771 96003 1e359c 82 API calls __wsopen_s 95773->96003 95781 17a8c7 22 API calls 95774->95781 95774->95786 95783 17a8c7 22 API calls 95777->95783 95777->95786 96001 1e359c 82 API calls __wsopen_s 95778->96001 95779->95771 
95781->95786 95783->95786 95785->95771 95786->95696 95787->95786 95789 1c4bdc 95787->95789 95787->95791 95788->95771 96002 1e359c 82 API calls __wsopen_s 95789->96002 95791->95786 96000 1e359c 82 API calls __wsopen_s 95791->96000 95792->95705 95793->95665 95794->95667 95795->95691 95796->95691 95797->95663 95798->95700 95799->95700 95800->95700 95801->95698 95802->95700 95803->95734 95804->95731 95805->95737 95806->95739 95808 1fb01d ___scrt_fastfail 95807->95808 95809 1fb058 95808->95809 95810 1fb094 95808->95810 95928 17b567 95809->95928 95814 17b567 39 API calls 95810->95814 95816 1fb08b 95810->95816 95812 1fb063 95812->95816 95820 17b567 39 API calls 95812->95820 95813 1fb0ed 95898 177510 95813->95898 95815 1fb0a5 95814->95815 95819 17b567 39 API calls 95815->95819 95816->95813 95821 17b567 39 API calls 95816->95821 95819->95816 95823 1fb078 95820->95823 95821->95813 95825 17b567 39 API calls 95823->95825 95824 1fb115 95826 1fb11f 95824->95826 95827 1fb1d8 95824->95827 95825->95816 95828 177510 53 API calls 95826->95828 95829 1fb20a GetCurrentDirectoryW 95827->95829 95832 177510 53 API calls 95827->95832 95830 1fb130 95828->95830 95831 18fe0b 22 API calls 95829->95831 95833 177620 22 API calls 95830->95833 95834 1fb22f GetCurrentDirectoryW 95831->95834 95835 1fb1ef 95832->95835 95836 1fb13a 95833->95836 95837 1fb23c 95834->95837 95838 177620 22 API calls 95835->95838 95840 177510 53 API calls 95836->95840 95842 1fb275 95837->95842 95933 179c6e 22 API calls 95837->95933 95839 1fb1f9 _wcslen 95838->95839 95839->95829 95839->95842 95841 1fb14b 95840->95841 95843 177620 22 API calls 95841->95843 95847 1fb28b 95842->95847 95848 1fb287 95842->95848 95845 1fb155 95843->95845 95849 177510 53 API calls 95845->95849 95846 1fb255 95934 179c6e 22 API calls 95846->95934 95936 1e07c0 10 API calls 95847->95936 95855 1fb39a CreateProcessW 95848->95855 95856 1fb2f8 95848->95856 95852 1fb166 95849->95852 95857 177620 22 API calls 95852->95857 95853 1fb265 95935 179c6e 22 API 
calls 95853->95935 95854 1fb294 95937 1e06e6 10 API calls 95854->95937 95875 1fb32f _wcslen 95855->95875 95939 1d11c8 39 API calls 95856->95939 95861 1fb170 95857->95861 95862 1fb1a6 GetSystemDirectoryW 95861->95862 95865 177510 53 API calls 95861->95865 95867 18fe0b 22 API calls 95862->95867 95863 1fb2aa 95938 1e05a7 8 API calls 95863->95938 95864 1fb2fd 95868 1fb32a 95864->95868 95869 1fb323 95864->95869 95871 1fb187 95865->95871 95874 1fb1cb GetSystemDirectoryW 95867->95874 95941 1d14ce 6 API calls 95868->95941 95940 1d1201 128 API calls 2 library calls 95869->95940 95877 177620 22 API calls 95871->95877 95873 1fb2d0 95873->95848 95874->95837 95878 1fb42f CloseHandle 95875->95878 95879 1fb3d6 GetLastError 95875->95879 95876 1fb328 95876->95875 95885 1fb191 _wcslen 95877->95885 95880 1fb43f 95878->95880 95897 1fb49a 95878->95897 95888 1fb41a 95879->95888 95882 1fb446 CloseHandle 95880->95882 95883 1fb451 95880->95883 95882->95883 95886 1fb458 CloseHandle 95883->95886 95887 1fb463 95883->95887 95884 1fb4a6 95884->95888 95885->95837 95885->95862 95886->95887 95889 1fb46a CloseHandle 95887->95889 95890 1fb475 95887->95890 95925 1e0175 95888->95925 95889->95890 95942 1e09d9 34 API calls 95890->95942 95893 1fb4d2 CloseHandle 95893->95888 95895 1fb486 95943 1fb536 25 API calls 95895->95943 95897->95884 95897->95893 95899 177525 95898->95899 95900 177522 95898->95900 95901 17752d 95899->95901 95902 17755b 95899->95902 95921 177620 95900->95921 95944 1951c6 26 API calls 95901->95944 95904 1b50f6 95902->95904 95907 17756d 95902->95907 95912 1b500f 95902->95912 95947 195183 26 API calls 95904->95947 95905 17753d 95911 18fddb 22 API calls 95905->95911 95945 18fb21 51 API calls 95907->95945 95908 1b510e 95908->95908 95913 177547 95911->95913 95915 18fe0b 22 API calls 95912->95915 95920 1b5088 95912->95920 95914 179cb3 22 API calls 95913->95914 95914->95900 95916 1b5058 95915->95916 95917 18fddb 22 API calls 95916->95917 95918 1b507f 95917->95918 95919 179cb3 22 API calls 
95918->95919 95919->95920 95946 18fb21 51 API calls 95920->95946 95922 17762a _wcslen 95921->95922 95923 18fe0b 22 API calls 95922->95923 95924 17763f 95923->95924 95924->95824 95948 1e030f 95925->95948 95929 17b578 95928->95929 95930 17b57f 95928->95930 95929->95930 95961 1962d1 39 API calls 95929->95961 95930->95812 95932 17b5c2 95932->95812 95933->95846 95934->95853 95935->95842 95936->95854 95937->95863 95938->95873 95939->95864 95940->95876 95941->95875 95942->95895 95943->95897 95944->95905 95945->95905 95946->95904 95947->95908 95949 1e0329 95948->95949 95950 1e0321 CloseHandle 95948->95950 95951 1e032e CloseHandle 95949->95951 95952 1e0336 95949->95952 95950->95949 95951->95952 95953 1e033b CloseHandle 95952->95953 95954 1e0343 95952->95954 95953->95954 95955 1e0348 CloseHandle 95954->95955 95956 1e0350 95954->95956 95955->95956 95957 1e035d 95956->95957 95958 1e0355 CloseHandle 95956->95958 95959 1e017d 95957->95959 95960 1e0362 CloseHandle 95957->95960 95958->95957 95959->95703 95960->95959 95961->95932 95963 1ddbdc GetFileAttributesW 95962->95963 95964 1ddc06 95962->95964 95963->95964 95965 1ddbe8 FindFirstFileW 95963->95965 95964->95759 95965->95964 95966 1ddbf9 FindClose 95965->95966 95966->95964 95968 17aceb 23 API calls 95967->95968 95969 202af3 95968->95969 95970 202b1d 95969->95970 95971 202aff 95969->95971 95973 176b57 22 API calls 95970->95973 95972 177510 53 API calls 95971->95972 95974 202b0c 95972->95974 95976 202b1b 95973->95976 95975 17a8c7 22 API calls 95974->95975 95974->95976 95975->95976 95976->95762 95987 1ddef7 95977->95987 95979 1dd529 Process32NextW 95980 1dd5db CloseHandle 95979->95980 95986 1dd522 95979->95986 95980->95767 95981 17a961 22 API calls 95981->95986 95982 179cb3 22 API calls 95982->95986 95986->95979 95986->95980 95986->95981 95986->95982 95993 17525f 22 API calls 95986->95993 95994 176350 22 API calls 95986->95994 95995 18ce60 41 API calls 95986->95995 95988 1ddf02 95987->95988 95989 1ddf19 95988->95989 95992 1ddf1f 
95988->95992 95996 1963b2 GetStringTypeW _strftime 95988->95996 95997 1962fb 39 API calls 95989->95997 95992->95986 95993->95986 95994->95986 95995->95986 95996->95988 95997->95992 95998->95771 95999->95771 96000->95786 96001->95786 96002->95773 96003->95786 96004->95724 96005 1c3f75 96016 18ceb1 96005->96016 96007 1c3f8b 96008 1c4006 96007->96008 96083 18e300 23 API calls 96007->96083 96025 17bf40 96008->96025 96011 1c4052 96015 1c4a88 96011->96015 96085 1e359c 82 API calls __wsopen_s 96011->96085 96013 1c3fe6 96013->96011 96084 1e1abf 22 API calls 96013->96084 96017 18cebf 96016->96017 96018 18ced2 96016->96018 96019 17aceb 23 API calls 96017->96019 96020 18cf05 96018->96020 96021 18ced7 96018->96021 96024 18cec9 96019->96024 96022 17aceb 23 API calls 96020->96022 96023 18fddb 22 API calls 96021->96023 96022->96024 96023->96024 96024->96007 96086 17adf0 96025->96086 96027 17bf9d 96028 1c04b6 96027->96028 96029 17bfa9 96027->96029 96104 1e359c 82 API calls __wsopen_s 96028->96104 96031 1c04c6 96029->96031 96032 17c01e 96029->96032 96105 1e359c 82 API calls __wsopen_s 96031->96105 96091 17ac91 96032->96091 96035 1c04f5 96047 1c055a 96035->96047 96106 18d217 348 API calls 96035->96106 96036 1d7120 22 API calls 96045 17c039 __fread_nolock messages 96036->96045 96037 17c7da 96041 18fe0b 22 API calls 96037->96041 96046 17c808 __fread_nolock 96041->96046 96045->96035 96045->96036 96045->96037 96045->96046 96045->96047 96048 17af8a 22 API calls 96045->96048 96049 1c091a 96045->96049 96051 18fddb 22 API calls 96045->96051 96054 17ec40 348 API calls 96045->96054 96055 1c08a5 96045->96055 96059 1c0591 96045->96059 96062 1c08f6 96045->96062 96065 17c237 96045->96065 96066 17aceb 23 API calls 96045->96066 96068 18fe0b 22 API calls 96045->96068 96070 17c603 96045->96070 96077 1c09bf 96045->96077 96080 17bbe0 40 API calls 96045->96080 96095 17ad81 96045->96095 96109 1d7099 22 API calls __fread_nolock 96045->96109 96110 1f5745 54 API calls _wcslen 96045->96110 96111 18aa42 22 
API calls messages 96045->96111 96112 1df05c 40 API calls 96045->96112 96113 17a993 41 API calls 96045->96113 96050 18fe0b 22 API calls 96046->96050 96047->96070 96107 1e359c 82 API calls __wsopen_s 96047->96107 96048->96045 96116 1e3209 23 API calls 96049->96116 96073 17c350 __fread_nolock messages 96050->96073 96051->96045 96054->96045 96056 17ec40 348 API calls 96055->96056 96057 1c08cf 96056->96057 96057->96070 96114 17a81b 41 API calls 96057->96114 96108 1e359c 82 API calls __wsopen_s 96059->96108 96115 1e359c 82 API calls __wsopen_s 96062->96115 96067 17c253 96065->96067 96069 17a8c7 22 API calls 96065->96069 96066->96045 96071 1c0976 96067->96071 96075 17c297 messages 96067->96075 96068->96045 96069->96067 96070->96011 96074 17aceb 23 API calls 96071->96074 96082 17c3ac 96073->96082 96103 18ce17 22 API calls messages 96073->96103 96074->96077 96076 17aceb 23 API calls 96075->96076 96075->96077 96078 17c335 96076->96078 96077->96070 96117 1e359c 82 API calls __wsopen_s 96077->96117 96078->96077 96079 17c342 96078->96079 96102 17a704 22 API calls messages 96079->96102 96080->96045 96082->96011 96083->96013 96084->96008 96085->96015 96087 17ae01 96086->96087 96090 17ae1c messages 96086->96090 96088 17aec9 22 API calls 96087->96088 96089 17ae09 CharUpperBuffW 96088->96089 96089->96090 96090->96027 96092 17acae 96091->96092 96093 17acd1 96092->96093 96118 1e359c 82 API calls __wsopen_s 96092->96118 96093->96045 96096 1bfadb 96095->96096 96097 17ad92 96095->96097 96098 18fddb 22 API calls 96097->96098 96099 17ad99 96098->96099 96119 17adcd 96099->96119 96102->96073 96103->96073 96104->96031 96105->96070 96106->96047 96107->96070 96108->96070 96109->96045 96110->96045 96111->96045 96112->96045 96113->96045 96114->96062 96115->96070 96116->96065 96117->96070 96118->96093 96122 17addd 96119->96122 96120 17adb6 96120->96045 96121 18fddb 22 API calls 96121->96122 96122->96120 96122->96121 96123 17a961 22 API calls 96122->96123 96124 17a8c7 22 API calls 96122->96124 
96125 17adcd 22 API calls 96122->96125 96123->96122 96124->96122 96125->96122 96126 17defc 96129 171d6f 96126->96129 96128 17df07 96130 171d8c 96129->96130 96138 171f6f 96130->96138 96132 171da6 96133 1b2759 96132->96133 96135 171e36 96132->96135 96136 171dc2 96132->96136 96142 1e359c 82 API calls __wsopen_s 96133->96142 96135->96128 96136->96135 96141 17289a 23 API calls 96136->96141 96139 17ec40 348 API calls 96138->96139 96140 171f98 96139->96140 96140->96132 96141->96135 96142->96135 96143 17dddc 96146 17b710 96143->96146 96147 17b72b 96146->96147 96148 1c00f8 96147->96148 96149 1c0146 96147->96149 96157 17b750 96147->96157 96152 1c0102 96148->96152 96155 1c010f 96148->96155 96148->96157 96199 1f58a2 348 API calls 2 library calls 96149->96199 96197 1f5d33 348 API calls 96152->96197 96169 17ba20 96155->96169 96198 1f61d0 348 API calls 2 library calls 96155->96198 96161 18d336 40 API calls 96157->96161 96164 17ba4e 96157->96164 96165 1c0322 96157->96165 96157->96169 96172 17aceb 23 API calls 96157->96172 96173 17bbe0 40 API calls 96157->96173 96174 17ec40 348 API calls 96157->96174 96175 17a8c7 22 API calls 96157->96175 96177 18ee53 96157->96177 96181 18e5ca 96157->96181 96190 17a81b 41 API calls 96157->96190 96191 18d2f0 40 API calls 96157->96191 96192 18a01b 348 API calls 96157->96192 96193 190242 5 API calls __Init_thread_wait 96157->96193 96194 18edcd 22 API calls 96157->96194 96195 1900a3 29 API calls __onexit 96157->96195 96196 1901f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 96157->96196 96200 1cf6bf 23 API calls 96157->96200 96159 1c03d9 96159->96159 96161->96157 96201 1f5c0c 82 API calls 96165->96201 96169->96164 96202 1e359c 82 API calls __wsopen_s 96169->96202 96172->96157 96173->96157 96174->96157 96175->96157 96178 18eeb8 96177->96178 96179 18ee70 96177->96179 96178->96157 96179->96178 96203 1e359c 82 API calls __wsopen_s 96179->96203 96187 18e5fa 96181->96187 96182 18e5ca 348 API calls 96182->96187 96184 18e70e 96184->96157 96185 
18e710 96185->96184 96215 1e359c 82 API calls __wsopen_s 96185->96215 96186 17ec40 348 API calls 96186->96187 96187->96182 96187->96184 96187->96185 96187->96186 96189 17aceb 23 API calls 96187->96189 96204 1804f0 96187->96204 96189->96187 96190->96157 96191->96157 96192->96157 96193->96157 96194->96157 96195->96157 96196->96157 96197->96155 96198->96169 96199->96157 96200->96157 96201->96169 96202->96159 96203->96178 96205 180502 96204->96205 96208 18050b 96205->96208 96216 18a732 22 API calls 96205->96216 96207 1805c0 96207->96187 96208->96207 96209 18fddb 22 API calls 96208->96209 96210 180629 96209->96210 96211 18fddb 22 API calls 96210->96211 96212 180632 96211->96212 96213 179cb3 22 API calls 96212->96213 96214 180641 96213->96214 96214->96187 96215->96184 96216->96208 96217 17105b 96222 17344d 96217->96222 96219 17106a 96253 1900a3 29 API calls __onexit 96219->96253 96221 171074 96223 17345d __wsopen_s 96222->96223 96224 17a961 22 API calls 96223->96224 96225 173513 96224->96225 96226 173a5a 24 API calls 96225->96226 96227 17351c 96226->96227 96254 173357 96227->96254 96230 1733c6 22 API calls 96231 173535 96230->96231 96232 17515f 22 API calls 96231->96232 96233 173544 96232->96233 96234 17a961 22 API calls 96233->96234 96235 17354d 96234->96235 96236 17a6c3 22 API calls 96235->96236 96237 173556 RegOpenKeyExW 96236->96237 96238 1b3176 RegQueryValueExW 96237->96238 96242 173578 96237->96242 96239 1b320c RegCloseKey 96238->96239 96240 1b3193 96238->96240 96239->96242 96252 1b321e _wcslen 96239->96252 96241 18fe0b 22 API calls 96240->96241 96243 1b31ac 96241->96243 96242->96219 96244 175722 22 API calls 96243->96244 96245 1b31b7 RegQueryValueExW 96244->96245 96246 1b31d4 96245->96246 96249 1b31ee messages 96245->96249 96247 176b57 22 API calls 96246->96247 96247->96249 96248 174c6d 22 API calls 96248->96252 96249->96239 96250 179cb3 22 API calls 96250->96252 96251 17515f 22 API calls 96251->96252 96252->96242 96252->96248 96252->96250 96252->96251 
96253->96221 96255 1b1f50 __wsopen_s 96254->96255 96256 173364 GetFullPathNameW 96255->96256 96257 173386 96256->96257 96258 176b57 22 API calls 96257->96258 96259 1733a4 96258->96259 96259->96230 96260 171098 96265 1742de 96260->96265 96264 1710a7 96266 17a961 22 API calls 96265->96266 96267 1742f5 GetVersionExW 96266->96267 96268 176b57 22 API calls 96267->96268 96269 174342 96268->96269 96270 1793b2 22 API calls 96269->96270 96279 174378 96269->96279 96271 17436c 96270->96271 96273 1737a0 22 API calls 96271->96273 96272 17441b GetCurrentProcess IsWow64Process 96274 174437 96272->96274 96273->96279 96275 17444f LoadLibraryA 96274->96275 96276 1b3824 GetSystemInfo 96274->96276 96277 174460 GetProcAddress 96275->96277 96278 17449c GetSystemInfo 96275->96278 96277->96278 96281 174470 GetNativeSystemInfo 96277->96281 96282 174476 96278->96282 96279->96272 96280 1b37df 96279->96280 96281->96282 96283 17109d 96282->96283 96284 17447a FreeLibrary 96282->96284 96285 1900a3 29 API calls __onexit 96283->96285 96284->96283 96285->96264 96286 171044 96291 1710f3 96286->96291 96288 17104a 96327 1900a3 29 API calls __onexit 96288->96327 96290 171054 96328 171398 96291->96328 96295 17116a 96296 17a961 22 API calls 96295->96296 96297 171174 96296->96297 96298 17a961 22 API calls 96297->96298 96299 17117e 96298->96299 96300 17a961 22 API calls 96299->96300 96301 171188 96300->96301 96302 17a961 22 API calls 96301->96302 96303 1711c6 96302->96303 96304 17a961 22 API calls 96303->96304 96305 171292 96304->96305 96338 17171c 96305->96338 96309 1712c4 96310 17a961 22 API calls 96309->96310 96311 1712ce 96310->96311 96312 181940 9 API calls 96311->96312 96313 1712f9 96312->96313 96359 171aab 96313->96359 96315 171315 96316 171325 GetStdHandle 96315->96316 96317 17137a 96316->96317 96318 1b2485 96316->96318 96321 171387 OleInitialize 96317->96321 96318->96317 96319 1b248e 96318->96319 96320 18fddb 22 API calls 96319->96320 96322 1b2495 96320->96322 96321->96288 96366 1e011d 
InitializeCriticalSectionAndSpinCount InterlockedExchange GetCurrentProcess GetCurrentProcess DuplicateHandle 96322->96366 96324 1b249e 96367 1e0944 CreateThread 96324->96367 96326 1b24aa CloseHandle 96326->96317 96327->96290 96368 1713f1 96328->96368 96331 1713f1 22 API calls 96332 1713d0 96331->96332 96333 17a961 22 API calls 96332->96333 96334 1713dc 96333->96334 96335 176b57 22 API calls 96334->96335 96336 171129 96335->96336 96337 171bc3 6 API calls 96336->96337 96337->96295 96339 17a961 22 API calls 96338->96339 96340 17172c 96339->96340 96341 17a961 22 API calls 96340->96341 96342 171734 96341->96342 96343 17a961 22 API calls 96342->96343 96344 17174f 96343->96344 96345 18fddb 22 API calls 96344->96345 96346 17129c 96345->96346 96347 171b4a 96346->96347 96348 171b58 96347->96348 96349 17a961 22 API calls 96348->96349 96350 171b63 96349->96350 96351 17a961 22 API calls 96350->96351 96352 171b6e 96351->96352 96353 17a961 22 API calls 96352->96353 96354 171b79 96353->96354 96355 17a961 22 API calls 96354->96355 96356 171b84 96355->96356 96357 18fddb 22 API calls 96356->96357 96358 171b96 RegisterWindowMessageW 96357->96358 96358->96309 96360 1b272d 96359->96360 96361 171abb 96359->96361 96375 1e3209 23 API calls 96360->96375 96362 18fddb 22 API calls 96361->96362 96364 171ac3 96362->96364 96364->96315 96365 1b2738 96366->96324 96367->96326 96376 1e092a 28 API calls 96367->96376 96369 17a961 22 API calls 96368->96369 96370 1713fc 96369->96370 96371 17a961 22 API calls 96370->96371 96372 171404 96371->96372 96373 17a961 22 API calls 96372->96373 96374 1713c6 96373->96374 96374->96331 96375->96365 96377 172de3 96378 172df0 __wsopen_s 96377->96378 96379 1b2c2b ___scrt_fastfail 96378->96379 96380 172e09 96378->96380 96382 1b2c47 GetOpenFileNameW 96379->96382 96381 173aa2 23 API calls 96380->96381 96383 172e12 96381->96383 96384 1b2c96 96382->96384 96393 172da5 96383->96393 96386 176b57 22 API calls 96384->96386 96388 1b2cab 96386->96388 96388->96388 96390 172e27 
96411 1744a8 96390->96411 96394 1b1f50 __wsopen_s 96393->96394 96395 172db2 GetLongPathNameW 96394->96395 96396 176b57 22 API calls 96395->96396 96397 172dda 96396->96397 96398 173598 96397->96398 96399 17a961 22 API calls 96398->96399 96400 1735aa 96399->96400 96401 173aa2 23 API calls 96400->96401 96402 1735b5 96401->96402 96403 1b32eb 96402->96403 96404 1735c0 96402->96404 96410 1b330d 96403->96410 96446 18ce60 41 API calls 96403->96446 96406 17515f 22 API calls 96404->96406 96407 1735cc 96406->96407 96440 1735f3 96407->96440 96409 1735df 96409->96390 96412 174ecb 94 API calls 96411->96412 96413 1744cd 96412->96413 96414 1b3833 96413->96414 96415 174ecb 94 API calls 96413->96415 96416 1e2cf9 80 API calls 96414->96416 96417 1744e1 96415->96417 96418 1b3848 96416->96418 96417->96414 96419 1744e9 96417->96419 96420 1b3869 96418->96420 96421 1b384c 96418->96421 96423 1744f5 96419->96423 96424 1b3854 96419->96424 96422 18fe0b 22 API calls 96420->96422 96425 174f39 68 API calls 96421->96425 96439 1b38ae 96422->96439 96447 17940c 136 API calls 2 library calls 96423->96447 96448 1dda5a 82 API calls 96424->96448 96425->96424 96428 1b3862 96428->96420 96429 172e31 96430 174f39 68 API calls 96433 1b3a5f 96430->96433 96433->96430 96454 1d989b 82 API calls __wsopen_s 96433->96454 96436 179cb3 22 API calls 96436->96439 96439->96433 96439->96436 96449 1d967e 22 API calls __fread_nolock 96439->96449 96450 1d95ad 42 API calls _wcslen 96439->96450 96451 1e0b5a 22 API calls 96439->96451 96452 17a4a1 22 API calls __fread_nolock 96439->96452 96453 173ff7 22 API calls 96439->96453 96441 173605 96440->96441 96445 173624 __fread_nolock 96440->96445 96443 18fe0b 22 API calls 96441->96443 96442 18fddb 22 API calls 96444 17363b 96442->96444 96443->96445 96444->96409 96445->96442 96446->96403 96447->96429 96448->96428 96449->96439 96450->96439 96451->96439 96452->96439 96453->96439 96454->96433 96455 202a55 96463 1e1ebc 96455->96463 96458 202a70 96465 1d39c0 22 API calls 96458->96465 96460 
202a7c 96466 1d417d 22 API calls __fread_nolock 96460->96466 96462 202a87 96464 1e1ec3 IsWindow 96463->96464 96464->96458 96464->96462 96465->96460 96466->96462 96467 1a8402 96472 1a81be 96467->96472 96470 1a842a 96477 1a81ef try_get_first_available_module 96472->96477 96474 1a83ee 96491 1a27ec 26 API calls _abort 96474->96491 96476 1a8343 96476->96470 96484 1b0984 96476->96484 96477->96477 96480 1a8338 96477->96480 96487 198e0b 40 API calls 2 library calls 96477->96487 96479 1a838c 96479->96480 96488 198e0b 40 API calls 2 library calls 96479->96488 96480->96476 96490 19f2d9 20 API calls _abort 96480->96490 96482 1a83ab 96482->96480 96489 198e0b 40 API calls 2 library calls 96482->96489 96492 1b0081 96484->96492 96486 1b099f 96486->96470 96487->96479 96488->96482 96489->96480 96490->96474 96491->96476 96493 1b008d ___DestructExceptionObject 96492->96493 96494 1b009b 96493->96494 96496 1b00d4 96493->96496 96549 19f2d9 20 API calls _abort 96494->96549 96503 1b065b 96496->96503 96497 1b00a0 96550 1a27ec 26 API calls _abort 96497->96550 96502 1b00aa __wsopen_s 96502->96486 96504 1b0678 96503->96504 96505 1b068d 96504->96505 96506 1b06a6 96504->96506 96566 19f2c6 20 API calls _abort 96505->96566 96552 1a5221 96506->96552 96509 1b06ab 96510 1b06cb 96509->96510 96511 1b06b4 96509->96511 96565 1b039a CreateFileW 96510->96565 96568 19f2c6 20 API calls _abort 96511->96568 96515 1b06b9 96569 19f2d9 20 API calls _abort 96515->96569 96516 1b0704 96518 1b0781 GetFileType 96516->96518 96520 1b0756 GetLastError 96516->96520 96570 1b039a CreateFileW 96516->96570 96519 1b078c GetLastError 96518->96519 96523 1b07d3 96518->96523 96572 19f2a3 20 API calls __dosmaperr 96519->96572 96571 19f2a3 20 API calls __dosmaperr 96520->96571 96574 1a516a 21 API calls 2 library calls 96523->96574 96524 1b0692 96567 19f2d9 20 API calls _abort 96524->96567 96525 1b079a CloseHandle 96525->96524 96527 1b07c3 96525->96527 96573 19f2d9 20 API calls _abort 96527->96573 96529 1b0749 96529->96518 
96529->96520 96531 1b07f4 96532 1b0840 96531->96532 96575 1b05ab 72 API calls 3 library calls 96531->96575 96537 1b086d 96532->96537 96576 1b014d 72 API calls 4 library calls 96532->96576 96533 1b07c8 96533->96524 96536 1b0866 96536->96537 96538 1b087e 96536->96538 96539 1a86ae __wsopen_s 29 API calls 96537->96539 96540 1b00f8 96538->96540 96541 1b08fc CloseHandle 96538->96541 96539->96540 96551 1b0121 LeaveCriticalSection __wsopen_s 96540->96551 96577 1b039a CreateFileW 96541->96577 96543 1b0927 96544 1b095d 96543->96544 96545 1b0931 GetLastError 96543->96545 96544->96540 96578 19f2a3 20 API calls __dosmaperr 96545->96578 96547 1b093d 96579 1a5333 21 API calls 2 library calls 96547->96579 96549->96497 96550->96502 96551->96502 96553 1a522d ___DestructExceptionObject 96552->96553 96580 1a2f5e EnterCriticalSection 96553->96580 96555 1a5234 96557 1a5259 96555->96557 96561 1a52c7 EnterCriticalSection 96555->96561 96563 1a527b 96555->96563 96584 1a5000 21 API calls 3 library calls 96557->96584 96558 1a52a4 __wsopen_s 96558->96509 96560 1a525e 96560->96563 96585 1a5147 EnterCriticalSection 96560->96585 96562 1a52d4 LeaveCriticalSection 96561->96562 96561->96563 96562->96555 96581 1a532a 96563->96581 96565->96516 96566->96524 96567->96540 96568->96515 96569->96524 96570->96529 96571->96524 96572->96525 96573->96533 96574->96531 96575->96532 96576->96536 96577->96543 96578->96547 96579->96544 96580->96555 96586 1a2fa6 LeaveCriticalSection 96581->96586 96583 1a5331 96583->96558 96584->96560 96585->96563 96586->96583 96587 1b2402 96590 171410 96587->96590 96591 1b24b8 DestroyWindow 96590->96591 96592 17144f mciSendStringW 96590->96592 96604 1b24c4 96591->96604 96593 1716c6 96592->96593 96594 17146b 96592->96594 96593->96594 96596 1716d5 UnregisterHotKey 96593->96596 96595 171479 96594->96595 96594->96604 96623 17182e 96595->96623 96596->96593 96598 1b24d8 96598->96604 96629 176246 CloseHandle 96598->96629 96599 1b24e2 FindClose 96599->96604 96601 1b2509 96605 1b252d 

Control-flow Graph
APIs
• GetVersionExW.KERNEL32(?), ref: 0017430D
  • Part of subcall function 00176B57: _wcslen.LIBCMT ref: 00176B6A
• GetCurrentProcess.KERNEL32(?,0020CB64,00000000,?,?), ref: 00174422
• IsWow64Process.KERNEL32(00000000,?,?), ref: 00174429
• LoadLibraryA.KERNEL32(kernel32.dll,?,?), ref: 00174454
• GetProcAddress.KERNEL32(00000000,GetNativeSystemInfo), ref: 00174466
• GetNativeSystemInfo.KERNELBASE(?,?,?), ref: 00174474
• FreeLibrary.KERNEL32(00000000,?,?), ref: 0017447B
• GetSystemInfo.KERNEL32(?,?,?), ref: 001744A0
Strings
Memory Dump Source
• Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
• Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID: InfoLibraryProcessSystem$AddressCurrentFreeLoadNativeProcVersionWow64_wcslen
• String ID: GetNativeSystemInfo$kernel32.dll$|O
• API String ID: 3290436268-3101561225
• Opcode ID: 58ce204a4ddec0f406fac80883bd5235147b5e9bb99d14c4340d7d33438d2a24
• Instruction ID: dc421222772d450901a3d4097a2d5b51308edf961bd42b29c6e448499b468bb7
• Opcode Fuzzy Hash: 58ce204a4ddec0f406fac80883bd5235147b5e9bb99d14c4340d7d33438d2a24
• Instruction Fuzzy Hash: 90A1C47A90A3C0DFC715DF79BC4C1E57FA46B27740B1888D9E05593A62E7204AE8DB21

Control-flow Graph
APIs
• CreateStreamOnHGlobal.COMBASE(00000000,00000001,?,?,?,?,?,001750AA,?,?,00000000,00000000), ref: 001742B2
• FindResourceExW.KERNEL32(?,0000000A,SCRIPT,00000000,?,?,001750AA,?,?,00000000,00000000), ref: 001742C9
• LoadResource.KERNEL32(?,00000000,?,?,001750AA,?,?,00000000,00000000,?,?,?,?,?,?,00174F20), ref: 001B35BE
• SizeofResource.KERNEL32(?,00000000,?,?,001750AA,?,?,00000000,00000000,?,?,?,?,?,?,00174F20), ref: 001B35D3
• LockResource.KERNEL32(001750AA,?,?,001750AA,?,?,00000000,00000000,?,?,?,?,?,?,00174F20,?), ref: 001B35E6
Strings
Memory Dump Source
• Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
• Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID: Resource$CreateFindGlobalLoadLockSizeofStream
• String ID: SCRIPT
• API String ID: 3051347437-3967369404
• Opcode ID: 1bb5185fe63824ab60481842e235c76934a583f6664e20b72a872420a1b1b8bc
• Instruction ID: d20182632d72bca3b118bc1dc1a7843c62c4468ff4c9a6e226e733b6b1462477
• Opcode Fuzzy Hash: 1bb5185fe63824ab60481842e235c76934a583f6664e20b72a872420a1b1b8bc
• Instruction Fuzzy Hash: 0D118EB0200700BFD7218B65EC88F677BBDEBC6B51F208269F846D6691DB71DC508A20

Control-flow Graph

APIs
• SetCurrentDirectoryW.KERNEL32(?), ref: 00172B6B
  • Part of subcall function 00173A5A: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,00241418,?,00172E7F,?,?,?,00000000), ref: 00173A78
  • Part of subcall function 00179CB3: _wcslen.LIBCMT ref: 00179CBD
• GetForegroundWindow.USER32(runas,?,?,?,?,?,00232224), ref: 001B2C10
• ShellExecuteW.SHELL32(00000000,?,?,00232224), ref: 001B2C17
Strings
Memory Dump Source
• Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_170000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                        • API ID: CurrentDirectoryExecuteFileForegroundModuleNameShellWindow_wcslen
                                                                                                                                                                                                                                                                                                                                                                                        • String ID: runas
                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 448630720-4000483414
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 8cbc2260ce9daffb140b2efcc32d7a12d3ebee79ebe8b0607498cdd952ce8009
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 852690c877d6be9bebd0e846f1961fceb6fa458e839e5b7f3441cec1f9c352cd
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8cbc2260ce9daffb140b2efcc32d7a12d3ebee79ebe8b0607498cdd952ce8009
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: FF11B4712083056AC718FF60E856DAE77B4ABB1300F54842DF05E570A3CF31955A9752

Control-flow Graph (graph image not extracted; basic blocks 1dd4dc-1dd5ea: CreateToolhelp32Snapshot, Process32FirstW, Process32NextW loop, CloseHandle, with calls to 1ddef7, 17a961, 179cb3, 17525f, 17988f, 176350, 18ce60)

APIs
• CreateToolhelp32Snapshot.KERNEL32 ref: 001DD501
• Process32FirstW.KERNEL32(00000000,?), ref: 001DD50F
• Process32NextW.KERNEL32(00000000,?), ref: 001DD52F
• CloseHandle.KERNELBASE(00000000), ref: 001DD5DC
Similarity
• API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32
• String ID:
• API String ID: 420147892-0
• Opcode ID: fb365f6d225c80abe00fe4c310c822a42f3a4e8f58dfda2d40d0b1e1c13edb8d
• Instruction ID: 4f193af55ae3c2cc55351990f506dcfdaf45540549c954a41fc6334f90789608
• Opcode Fuzzy Hash: fb365f6d225c80abe00fe4c310c822a42f3a4e8f58dfda2d40d0b1e1c13edb8d
• Instruction Fuzzy Hash: A231A4711083009FD301EF54E885EAFBBF8EFA9354F14452DF589862A2EB719949CB93

Control-flow Graph (graph image not extracted; basic blocks 1ddbbe-1ddc0d: lstrlenW, GetFileAttributesW, FindFirstFileW, FindClose)

APIs
• lstrlenW.KERNEL32(?,001B5222), ref: 001DDBCE
• GetFileAttributesW.KERNELBASE(?), ref: 001DDBDD
• FindFirstFileW.KERNEL32(?,?), ref: 001DDBEE
• FindClose.KERNEL32(00000000), ref: 001DDBFA
Similarity
• API ID: FileFind$AttributesCloseFirstlstrlen
• String ID:
• API String ID: 2695905019-0
• Opcode ID: 25114e049da994858b1020940748494090ee93a88cfe9d360fde9ce0032c326c
• Instruction ID: bbc8dd6abf985f0671b4c9b3ce29bb232ba235f263612861e22c26d862ce29f4
• Opcode Fuzzy Hash: 25114e049da994858b1020940748494090ee93a88cfe9d360fde9ce0032c326c
• Instruction Fuzzy Hash: B8F0A070820A205BC2206B7CBC0E8BA776C9E02334F20470BF836C22E2EBB059548695
                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                        • GetCurrentProcess.KERNEL32(001A28E9,?,00194CBE,001A28E9,002388B8,0000000C,00194E15,001A28E9,00000002,00000000,?,001A28E9), ref: 00194D09
                                                                                                                                                                                                                                                                                                                                                                                        • TerminateProcess.KERNEL32(00000000,?,00194CBE,001A28E9,002388B8,0000000C,00194E15,001A28E9,00000002,00000000,?,001A28E9), ref: 00194D10
                                                                                                                                                                                                                                                                                                                                                                                        • ExitProcess.KERNEL32 ref: 00194D22
                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_170000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                        • API ID: Process$CurrentExitTerminate
                                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 1703294689-0
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 629dab41b21833747f82e61b38ad892c7019e8fdb96bc87fa1bc5e297917fbdc
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: bbaaa1e6d8825f04b2e9f7d258f34cd24b6049ee703d7a6dc3fc36c60023d26b
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 629dab41b21833747f82e61b38ad892c7019e8fdb96bc87fa1bc5e297917fbdc
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6CE0B675010248ABCF15AF94ED0DE587BA9FB66791B208154FC198A123CB35DE42CA80
                                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_170000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                        • API ID: BuffCharUpper
                                                                                                                                                                                                                                                                                                                                                                                        • String ID: p#$
                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 3964851224-689578738
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 39b264e39b9ae01588a08344de82d361d31fc6d1c0ec0fe9922ba4d66045b051
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: fb42236583d402b9ea8d96f474ac03b8657a48d760a5665d17bfbd25b3463911
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 39b264e39b9ae01588a08344de82d361d31fc6d1c0ec0fe9922ba4d66045b051
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: A8A24570608341CFDB25DF28C480B2ABBF1BF99304F15896DE99A9B352D731E945CB92
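The per-function entries in this report repeat a fixed text layout: an APIs list of `Api.MODULE(args), ref: <call site>` lines (with `?` for arguments the analyzer could not resolve and an indented "Part of subcall function" form for inherited calls) and a Memory Dump Source block whose `.sdmp` names encode the dumped region. When triaging hundreds of such entries it is quicker to parse them than to read them. The following Python is an added example, not code from the Joe Sandbox report or its tooling: it parses call lines such as those in the GetCurrentProcess/TerminateProcess/ExitProcess entry above, decodes the dotted `.sdmp` name, and flags functions that reach a process-launching API. The sample lines are copied from this report; the interpretation of the `.sdmp` fields (process index, base address, PAGE_* protection, MEM_* type) and the `PROCESS_LAUNCH_APIS` list are my assumptions, not something the report states.

```python
"""Parse Joe Sandbox disassembly entries: API call lines and .sdmp dump names.

Added example; not code from the Joe Sandbox report. Sample lines are copied
from the report text; the .sdmp field semantics are assumptions.
"""
import re
from dataclasses import dataclass
from typing import Optional

# Lines copied from the API listings in this report (plus one header line
# to show that non-call text is skipped).
SAMPLE_API_LINES = [
    "• GetCurrentProcess.KERNEL32(001A28E9,?,00194CBE,001A28E9,002388B8,0000000C,00194E15,001A28E9,00000002,00000000,?,001A28E9), ref: 00194D09",
    "• TerminateProcess.KERNEL32(00000000,?,00194CBE,001A28E9,002388B8,0000000C,00194E15,001A28E9,00000002,00000000,?,001A28E9), ref: 00194D10",
    "• ExitProcess.KERNEL32 ref: 00194D22",
    "• _wcslen.LIBCMT ref: 001FB198",
    "  • Part of subcall function 001E05A7: GetStdHandle.KERNEL32(000000F6), ref: 001E05C6",
    "• CreateProcessW.KERNELBASE(00000000,?,00000000,00000000,?,?,00000000,?,?,?), ref: 001FB3B6",
    "Memory Dump Source",
]

# One call line: optional "Part of subcall function <addr>:" prefix, then
# Api.MODULE, an optional "(args)" list, then "ref: <call-site address>".
_API_RE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+):\s*)?"
    r"(?P<api>[A-Za-z_]\w*)\.(?P<module>\w+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)


@dataclass(frozen=True)
class ApiCall:
    api: str
    module: str
    args: tuple                 # int per argument, None where the report shows "?"
    ref: int                    # call-site address
    subcall_of: Optional[int]   # callee address when inherited from a subcall, else None


def parse_api_line(line: str) -> Optional[ApiCall]:
    """Return an ApiCall for a call line, or None for headers and other text."""
    m = _API_RE.match(line)
    if not m:
        return None
    raw = m.group("args")
    args = tuple(None if a.strip() == "?" else int(a, 16) for a in raw.split(",")) if raw else ()
    sub = m.group("sub")
    return ApiCall(m.group("api"), m.group("module"), args,
                   int(m.group("ref"), 16), int(sub, 16) if sub else None)


# Documented Windows memory constants, used to decode two dump-name fields.
_PAGE_PROTECT = {0x01: "PAGE_NOACCESS", 0x02: "PAGE_READONLY", 0x04: "PAGE_READWRITE",
                 0x08: "PAGE_WRITECOPY", 0x10: "PAGE_EXECUTE", 0x20: "PAGE_EXECUTE_READ",
                 0x40: "PAGE_EXECUTE_READWRITE", 0x80: "PAGE_EXECUTE_WRITECOPY"}
_MEM_TYPE = {0x20000: "MEM_PRIVATE", 0x40000: "MEM_MAPPED", 0x1000000: "MEM_IMAGE"}


@dataclass(frozen=True)
class DumpRegion:
    process_index: int
    base: int
    protection: str
    mem_type: str
    fields: tuple   # all eight raw dotted fields, for anything not decoded here


def parse_sdmp_name(name: str) -> DumpRegion:
    """Split an eight-field Joe Sandbox .sdmp name.

    Assumption (inferred from this report, not documented here): field 0 is the
    process index, field 3 the region base, field 4 a PAGE_* protection and
    field 6 a MEM_* type. In this report 0x20, 0x02 and 0x04 line up with the
    executable, header and data regions of the image based at 00170000.
    """
    name = name.strip()
    if name.endswith(".sdmp"):
        name = name[:-5]
    parts = name.split(".")
    if len(parts) != 8 or not all(re.fullmatch(r"[0-9A-Fa-f]+", p) for p in parts):
        raise ValueError(f"not a Joe Sandbox dump name: {name!r}")
    prot, mtype = int(parts[4], 16), int(parts[6], 16)
    return DumpRegion(int(parts[0], 16), int(parts[3], 16),
                      _PAGE_PROTECT.get(prot, hex(prot)), _MEM_TYPE.get(mtype, hex(mtype)),
                      tuple(parts))


# Triage list chosen for this example (assumption, not taken from the report).
PROCESS_LAUNCH_APIS = frozenset({
    "CreateProcessA", "CreateProcessW", "CreateProcessAsUserW", "CreateProcessWithLogonW",
    "CreateProcessWithTokenW", "ShellExecuteW", "ShellExecuteExW", "WinExec",
})


def summarize(lines) -> dict:
    """Aggregate one function's API listing into triage-friendly facts."""
    calls = [c for c in map(parse_api_line, lines) if c is not None]
    direct = sorted((c for c in calls if c.subcall_of is None), key=lambda c: c.ref)
    apis = {c.api for c in calls}
    return {
        "calls": len(calls),
        "apis": sorted(apis),
        "modules": sorted({c.module for c in calls}),
        "call_sites": [c.ref for c in direct],          # ascending, direct calls only
        "launches_process": bool(apis & PROCESS_LAUNCH_APIS),
        "unresolved_arg_count": sum(a is None for c in calls for a in c.args),
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_API_LINES).items():
        print(f"{key}: {value}")
    print(parse_sdmp_name("00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp"))
```

Sorting direct call sites by address gives a quick picture of where in the function the interesting calls sit, and the unresolved-argument count is a useful hint for which calls need a debugger rather than static reading (the CreateProcessW line in this report, for instance, leaves the command line and most flags as `?`).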

Control-flow Graph
• Function 001FAFF9-001FB4F6: basic-block graph (executed / not-executed colouring) not reproduced here; graph nodes call GetSystemDirectoryW, GetCurrentDirectoryW, CreateProcessW, GetLastError and CloseHandle, as listed under APIs below.
APIs
• _wcslen.LIBCMT ref: 001FB198
• GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 001FB1B0
• GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 001FB1D4
• _wcslen.LIBCMT ref: 001FB200
• GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 001FB214
• GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 001FB236
• _wcslen.LIBCMT ref: 001FB332
  • Part of subcall function 001E05A7: GetStdHandle.KERNEL32(000000F6), ref: 001E05C6
• _wcslen.LIBCMT ref: 001FB34B
• _wcslen.LIBCMT ref: 001FB366
• CreateProcessW.KERNELBASE(00000000,?,00000000,00000000,?,?,00000000,?,?,?), ref: 001FB3B6
• GetLastError.KERNEL32(00000000), ref: 001FB407
• CloseHandle.KERNEL32(?), ref: 001FB439
• CloseHandle.KERNEL32(00000000), ref: 001FB44A
• CloseHandle.KERNEL32(00000000), ref: 001FB45C
• CloseHandle.KERNEL32(00000000), ref: 001FB46E
• CloseHandle.KERNEL32(?), ref: 001FB4E3
Memory Dump Source
• Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
• Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID: Handle$Close_wcslen$Directory$CurrentSystem$CreateErrorLastProcess
• String ID:
                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 2178637699-0
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: cb92bf9186777ba877c46c4f3c9896442088f603b8e52954d7cafb706abfa4f8
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: b6f00aeddd972f2e937ca16f5dde427f33edd1a3c10e1c249bb002f5d813812a
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: cb92bf9186777ba877c46c4f3c9896442088f603b8e52954d7cafb706abfa4f8
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5EF1AB716083449FCB14EF24C891B6EBBE1BF85714F18855DF99A8B2A2CB31EC45CB52
                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                        • GetInputState.USER32 ref: 0017D807
                                                                                                                                                                                                                                                                                                                                                                                        • timeGetTime.WINMM ref: 0017DA07
                                                                                                                                                                                                                                                                                                                                                                                        • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 0017DB28
                                                                                                                                                                                                                                                                                                                                                                                        • TranslateMessage.USER32(?), ref: 0017DB7B
                                                                                                                                                                                                                                                                                                                                                                                        • DispatchMessageW.USER32(?), ref: 0017DB89
                                                                                                                                                                                                                                                                                                                                                                                        • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 0017DB9F
                                                                                                                                                                                                                                                                                                                                                                                        • Sleep.KERNELBASE(0000000A), ref: 0017DBB1
                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_170000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                        • API ID: Message$Peek$DispatchInputSleepStateTimeTranslatetime
                                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 2189390790-0
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: bb102bfd9280bf86c55bf22ab2cac3aceb6b8621bd89dc9cf1926fc670ef0397
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 0d1a015d49e4996f20b2913d26e992925709f7a1016e62c9236accf1a8f91664
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: bb102bfd9280bf86c55bf22ab2cac3aceb6b8621bd89dc9cf1926fc670ef0397
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0E42F170608345EFD729CF24D888FAAB7F0BFA6304F54865DE55A87291C770E884CB92

Control-flow Graph
APIs
• GetSysColorBrush.USER32(0000000F), ref: 00172D07
• RegisterClassExW.USER32(00000030), ref: 00172D31
• RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00172D42
• InitCommonControlsEx.COMCTL32(?), ref: 00172D5F
• ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 00172D6F
• LoadIconW.USER32(000000A9), ref: 00172D85
• ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00172D94
Strings
Memory Dump Source
• Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
• Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID: IconImageList_Register$BrushClassColorCommonControlsCreateInitLoadMessageReplaceWindow
• String ID: +$0$AutoIt v3 GUI$TaskbarCreated
• API String ID: 2914291525-1005189915
• Opcode ID: cdc4eabe24c26c7435a09b1a58955784a0868a33d8c5f1ae3a964e6670abe667
• Instruction ID: 04e5f2f19f2ea23afb8d8216efcc16676e9afe56da3bdf74c6ddd0e9c7781de1
• Opcode Fuzzy Hash: cdc4eabe24c26c7435a09b1a58955784a0868a33d8c5f1ae3a964e6670abe667
• Instruction Fuzzy Hash: A721C3B5951318AFDB00DFA4E88DBDDBBB8FB09700F10821AF511A62A1D7B14594CF91
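Added example, not part of the Joe Sandbox report or of the analysed sample: a small Python parser for the "APIs" lines that the report prints for each function (the timeGetTime / PeekMessageW / Sleep loop above and the AutoIt GUI class registration above), plus a classifier that flags the timed message-pump shape behind the report's "execution timing" signature. The sample lines are copied from the report; the API category sets, the `ApiCall` record and the subcall handling are this example's own assumptions, not anything Joe Sandbox exposes.

```python
"""
Added example (not part of the Joe Sandbox report): parse the per-function
"APIs" lines the report prints and flag functions that combine a clock read,
a message pump and Sleep in one body, the pattern behind the report's
"Contains functionality for execution timing" signature.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: the "APIs" block of the message-pump function
# (Instruction Fuzzy Hash 0E42F170...) exactly as the report prints it.
PUMP_BLOCK = """
• GetInputState.USER32 ref: 0017D807
• timeGetTime.WINMM ref: 0017DA07
• PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 0017DB28
• TranslateMessage.USER32(?), ref: 0017DB7B
• DispatchMessageW.USER32(?), ref: 0017DB89
• PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 0017DB9F
• Sleep.KERNELBASE(0000000A), ref: 0017DBB1
"""

# Constructed sample: the AutoIt GUI class registration function (A721C3B5...).
GUI_BLOCK = """
• GetSysColorBrush.USER32(0000000F), ref: 00172D07
• RegisterClassExW.USER32(00000030), ref: 00172D31
• RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00172D42
• InitCommonControlsEx.COMCTL32(?), ref: 00172D5F
• ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 00172D6F
• LoadIconW.USER32(000000A9), ref: 00172D85
• ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00172D94
"""

# Constructed sample: a nested "Part of subcall function" line from the report.
SUBCALL_LINE = ("• Part of subcall function 001B039A: CreateFileW.KERNELBASE"
                "(00000000,00000000,?,001B0704,?,?,00000000,?,001B0704,00000000,0000000C),"
                " ref: 001B03B7")

# One report line: optional subcall prefix, API.MODULE, optional (args), ", ref: ADDR".
LINE_RE = re.compile(
    r"^\s*•\s*"
    r"(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+):\s*)?"
    r"(?P<api>\w+)\.(?P<mod>\w+)"
    r"(?:\((?P<args>[^)]*)\))?"
    r",?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)

@dataclass
class ApiCall:            # assumed record layout, this example's own
    api: str
    module: str
    args: List[str]       # literal args as printed; "?" means unresolved
    ref: int              # call-site address inside the dumped image
    subcall: Optional[int]  # callee address when listed as "Part of subcall"

def parse_line(line: str) -> Optional[ApiCall]:
    m = LINE_RE.match(line)
    if not m:
        return None
    args = [a for a in (m.group("args") or "").split(",") if a != ""]
    sub = m.group("sub")
    return ApiCall(m.group("api"), m.group("mod"), args,
                   int(m.group("ref"), 16), int(sub, 16) if sub else None)

def parse_block(text: str) -> List[ApiCall]:
    return [c for c in (parse_line(l) for l in text.splitlines()) if c]

# Assumed category sets: this example's grouping of well-known Win32 APIs.
TIMING_APIS = {"timeGetTime", "GetTickCount", "GetTickCount64",
               "QueryPerformanceCounter", "GetSystemTimeAsFileTime"}
PUMP_APIS = {"PeekMessageA", "PeekMessageW", "GetMessageA", "GetMessageW",
             "TranslateMessage", "DispatchMessageA", "DispatchMessageW"}
SLEEP_APIS = {"Sleep", "SleepEx"}

def is_timed_message_pump(calls: List[ApiCall]) -> bool:
    """True when one function reads a clock, pumps the message queue and sleeps.
    That is the shape of a GUI-friendly sleep loop and also of a wall-clock
    debugger check, so it is a triage hint, not proof of evasion."""
    names = {c.api for c in calls}
    return bool(names & TIMING_APIS) and bool(names & PUMP_APIS) and bool(names & SLEEP_APIS)

def sleep_quanta_ms(calls: List[ApiCall]) -> List[int]:
    """Literal Sleep() arguments, decoded from the hex the report prints."""
    return [int(c.args[0], 16) for c in calls
            if c.api in SLEEP_APIS and c.args and c.args[0] != "?"]

if __name__ == "__main__":
    for name, block in (("pump", PUMP_BLOCK), ("gui", GUI_BLOCK)):
        calls = parse_block(block)
        print(name, [c.api for c in calls],
              is_timed_message_pump(calls), sleep_quanta_ms(calls))
```

Run against the two blocks, the message-pump function is flagged (clock read, two PeekMessageW calls, Sleep of 0xA = 10 ms) and the GUI registration function is not. Because the report identifies a compiled AutoIt binary and the neighbouring function carries the "AutoIt v3 GUI" string, a loop of this shape is consistent with the AutoIt runtime's own sleep-and-pump code rather than script-level evasion; the flag tells you where to look, the script logic decides.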

Control-flow Graph
(Rendered graph omitted. The function spans basic blocks 1b065b-1b0983; besides the API calls listed below it calls the internal functions 1b042f, 19f2c6, 19f2d9, 1a5221, 1b039a, 19f2a3, 1a516a, 1b05ab, 1b014d, 1a86ae and 1a5333.)
APIs
  • Part of subcall function 001B039A: CreateFileW.KERNELBASE(00000000,00000000,?,001B0704,?,?,00000000,?,001B0704,00000000,0000000C), ref: 001B03B7
• GetLastError.KERNEL32 ref: 001B076F
• __dosmaperr.LIBCMT ref: 001B0776
• GetFileType.KERNELBASE(00000000), ref: 001B0782
• GetLastError.KERNEL32 ref: 001B078C
• __dosmaperr.LIBCMT ref: 001B0795
• CloseHandle.KERNEL32(00000000), ref: 001B07B5
• CloseHandle.KERNEL32(?), ref: 001B08FF
• GetLastError.KERNEL32 ref: 001B0931
                                                                                                                                                                                                                                                                                                                                                                                        • __dosmaperr.LIBCMT ref: 001B0938
                                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_170000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                        • API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
                                                                                                                                                                                                                                                                                                                                                                                        • String ID: H
                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 4237864984-2852464175
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: afa3b9906540d4982685610424e020189204898badbaff8d120d45427f11d8d2
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 80ec925cfb2534e68f8a57ae33ab40efbe3bbf4c9d2da1fb0d6b1af266086bb6
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: afa3b9906540d4982685610424e020189204898badbaff8d120d45427f11d8d2
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: B7A13836A141049FDF1AEF68D895BEE7BA0AB1A320F14015DF815DB2D1CB319D16CB91

Control-flow Graph

APIs
  • Part of subcall function 00173A5A: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,00241418,?,00172E7F,?,?,?,00000000), ref: 00173A78
  • Part of subcall function 00173357: GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 00173379
• RegOpenKeyExW.KERNELBASE(80000001,Software\AutoIt v3\AutoIt,00000000,00000001,?,?,\Include\), ref: 0017356A
• RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,00000000,?), ref: 001B318D
• RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,?,?,00000000), ref: 001B31CE
• RegCloseKey.ADVAPI32(?), ref: 001B3210
• _wcslen.LIBCMT ref: 001B3277
• _wcslen.LIBCMT ref: 001B3286
Strings
Memory Dump Source
• Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
• Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID: NameQueryValue_wcslen$CloseFileFullModuleOpenPath
• String ID: Include$Software\AutoIt v3\AutoIt$\$\Include\
• API String ID: 98802146-2727554177
• Opcode ID: 62e783bfa814d8ad024d16b5c77d2a113fc700029bc3cf31bd7af23083a9dc15
• Instruction ID: 303c4e4499c3c330e15d7ae51d22fd503fdb8005c6031834a9e0c02faf8b3151
• Opcode Fuzzy Hash: 62e783bfa814d8ad024d16b5c77d2a113fc700029bc3cf31bd7af23083a9dc15
• Instruction Fuzzy Hash: 5871AF71414300DEC314EF66EC869ABBBF8FFA6740F90456EF559931A1EB309A48CB52
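The function above opens HKEY_CURRENT_USER (hKey 80000001) \Software\AutoIt v3\AutoIt and queries its Include value, which is the AutoIt v3 runtime looking up its include directory; that registry access is one of the concrete artifacts behind the "likely a compiled AutoIt script" verdict. When triaging many such reports it is useful to pull these indicators out of the per-function API listings mechanically. The parser below is an added example written for this page, not Joe Sandbox code or a published listing format; it assumes the line shape seen in the listings here (a bullet, an optional "Part of subcall function <addr>:" prefix, then "<Api>.<Module>(<args>), ref: <addr>", with the parentheses absent for CRT calls such as _wcslen) and feeds it the API lines copied from the function above as constructed input.

```python
"""Parse the per-function API listing of a Joe Sandbox disassembly report.

Added example, not part of the report. The format assumptions (bullet, optional
"Part of subcall function <addr>:" prefix, "<Api>.<Module>(<args>), ref: <addr>")
are inferred from the listings on this page, not from a published specification.
"""
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed input: the API lines of the AutoIt include-path function above.
SAMPLE_LISTING = r"""
  • Part of subcall function 00173A5A: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,00241418,?,00172E7F,?,?,?,00000000), ref: 00173A78
  • Part of subcall function 00173357: GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 00173379
• RegOpenKeyExW.KERNELBASE(80000001,Software\AutoIt v3\AutoIt,00000000,00000001,?,?,\Include\), ref: 0017356A
• RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,00000000,?), ref: 001B318D
• RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,?,?,00000000), ref: 001B31CE
• RegCloseKey.ADVAPI32(?), ref: 001B3210
• _wcslen.LIBCMT ref: 001B3277
• _wcslen.LIBCMT ref: 001B3286
"""

# One listing line; headers ("APIs", "Strings") and blank lines do not match.
_LINE = re.compile(
    r"^\s*•\s*"
    r"(?:Part of subcall function (?P<sub>[0-9A-F]{8}):\s*)?"
    r"(?P<api>[A-Za-z_]\w*)\.(?P<mod>[A-Za-z0-9_]+)"
    r"(?:\((?P<args>[^)]*)\))?"  # CRT entries such as _wcslen carry no argument list
    r",?\s*ref:\s*(?P<ref>[0-9A-F]{8})\s*$"
)

# Predefined root-key handles as they appear in the hKey argument.
HIVES = {"80000000": "HKCR", "80000001": "HKCU", "80000002": "HKLM", "80000003": "HKU"}


@dataclass
class ApiCall:
    api: str
    module: str
    args: List[str]
    ref: str                      # address of the call site in the dumped image
    subcall: Optional[str] = None  # callee address when the line comes from a subcall


def parse_listing(text: str) -> List[ApiCall]:
    """Turn the bullet lines of one function's API listing into ApiCall records."""
    calls = []
    for line in text.splitlines():
        m = _LINE.match(line)
        if not m:
            continue
        args = m["args"].split(",") if m["args"] is not None else []
        calls.append(ApiCall(m["api"], m["mod"], args, m["ref"], m["sub"]))
    return calls


def registry_keys(calls: List[ApiCall]) -> List[Tuple[str, str]]:
    """(hive, subkey) for every RegOpenKeyExW/RegCreateKeyExW whose hKey is a root hive."""
    found = []
    for c in calls:
        if c.api in ("RegOpenKeyExW", "RegCreateKeyExW") and len(c.args) >= 2:
            hive = HIVES.get(c.args[0])
            if hive:
                found.append((hive, c.args[1]))
    return found


def queried_values(calls: List[ApiCall]) -> List[str]:
    """Registry value names passed to RegQueryValueExW (unresolved '?' args skipped)."""
    return [c.args[1] for c in calls
            if c.api == "RegQueryValueExW" and len(c.args) >= 2 and c.args[1] != "?"]


def api_histogram(calls: List[ApiCall]) -> Counter:
    """Count Api.Module pairs, the same grouping the report's API ID line summarises."""
    return Counter(f"{c.api}.{c.module}" for c in calls)


if __name__ == "__main__":
    parsed = parse_listing(SAMPLE_LISTING)
    for hive, subkey in registry_keys(parsed):
        print(f"registry key opened: {hive}\\{subkey}")
    print("values queried:", queried_values(parsed))
    print("inlined from subcalls:", [c.api for c in parsed if c.subcall])
    print(api_histogram(parsed))
```

On the lines above this yields the single key HKCU\Software\AutoIt v3\AutoIt and the value name Include, which is exactly the AutoIt artifact worth recording as an indicator; running the same parser over every function block in a report gives a quick inventory of registry keys, while the subcall field keeps calls that the plugin attributed to a callee from being mistaken for direct calls of the function being examined.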

Control-flow Graph

APIs
• GetSysColorBrush.USER32(0000000F), ref: 00172B8E
• LoadCursorW.USER32(00000000,00007F00), ref: 00172B9D
• LoadIconW.USER32(00000063), ref: 00172BB3
• LoadIconW.USER32(000000A4), ref: 00172BC5
• LoadIconW.USER32(000000A2), ref: 00172BD7
• LoadImageW.USER32(00000063,00000001,00000010,00000010,00000000), ref: 00172BEF
• RegisterClassExW.USER32(?), ref: 00172C40
  • Part of subcall function 00172CD4: GetSysColorBrush.USER32(0000000F), ref: 00172D07
  • Part of subcall function 00172CD4: RegisterClassExW.USER32(00000030), ref: 00172D31
  • Part of subcall function 00172CD4: RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00172D42
  • Part of subcall function 00172CD4: InitCommonControlsEx.COMCTL32(?), ref: 00172D5F
  • Part of subcall function 00172CD4: ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 00172D6F
  • Part of subcall function 00172CD4: LoadIconW.USER32(000000A9), ref: 00172D85
  • Part of subcall function 00172CD4: ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00172D94
Strings
Memory Dump Source
• Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
• Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_170000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                        • API ID: Load$Icon$ImageRegister$BrushClassColorList_$CommonControlsCreateCursorInitMessageReplaceWindow
                                                                                                                                                                                                                                                                                                                                                                                        • String ID: #$0$AutoIt v3
                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 423443420-4155596026
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: be92b005b3bd2eb5f7375de143bf8e19b5347bbad2462a605e07e14184784721
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 103fa547b1b33bbd97310288d67b0dbd69346ef19eb97efc0558a5bca7afdcc6
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: be92b005b3bd2eb5f7375de143bf8e19b5347bbad2462a605e07e14184784721
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: DE214FB8E40314ABDB109F95FC8DA99BFB4FB09B50F10419AF500A66A0D3B105A0CF90
APIs
• __Init_thread_footer.LIBCMT ref: 0017BB4E
Strings
Memory Dump Source
• Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
• Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID: Init_thread_footer
• String ID: p#$$p#$$p#$$p#$$p%$$p%$$x#$$x#$
• API String ID: 1385522511-38278325
• Opcode ID: 92823cedf4934ebb626b1fe35a1048d27be92ffb25062059e24e9d12fd28dc34
• Instruction ID: 4fa2d54b4be57fc21715d0a3f3b586fa80bf468ac71e4b38441c9c535f0b0049
• Opcode Fuzzy Hash: 92823cedf4934ebb626b1fe35a1048d27be92ffb25062059e24e9d12fd28dc34
• Instruction Fuzzy Hash: 6A32CB74A08209DFCB29CF54C894FBAB7B9FF58304F158059E919AB291C774EE81CB91

Control-flow Graph
• [Graph image not reproduced in the text export. Basic blocks shown in the graph: entry 173170; 1731d0-1731d8 DefWindowProcW; 173201-17320f KillTimer; 17321d-173244 SetTimer, RegisterWindowMessageW; 173246-173251 CreatePopupMenu; 173265-17326d PostQuitMessage; 1b2dc6-1b2dd2 SetFocus; 1b2dd7-1b2df6 MoveWindow]
APIs
• DefWindowProcW.USER32(?,?,?,?,?,?,?,?,?,0017316A,?,?), ref: 001731D8
• KillTimer.USER32(?,00000001,?,?,?,?,?,0017316A,?,?), ref: 00173204
• SetTimer.USER32(?,00000001,000002EE,00000000), ref: 00173227
• RegisterWindowMessageW.USER32(TaskbarCreated,?,?,?,?,?,0017316A,?,?), ref: 00173232
• CreatePopupMenu.USER32 ref: 00173246
• PostQuitMessage.USER32(00000000), ref: 00173267
Strings
Memory Dump Source
• Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
• Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID: MessageTimerWindow$CreateKillMenuPopupPostProcQuitRegister
• String ID: TaskbarCreated
• API String ID: 129472671-2362178303
• Opcode ID: a193a1b56f1e73071e4d4d7a5e1dbfc7dcbdd5832d9659ab29e230556da3bb15
• Instruction ID: 5f3d6b2d170eef7d29d1e30fdbfde1b0bc295b22d22fad964c1c3fb3b03c701b
• Opcode Fuzzy Hash: a193a1b56f1e73071e4d4d7a5e1dbfc7dcbdd5832d9659ab29e230556da3bb15
• Instruction Fuzzy Hash: 6D414D39260204B7DB196F78EC0DBB93B79E706340F648215F52A862A3C771CE94F762
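As an added example for the per-function entries above (editor-written; not code from the report or from Joe Sandbox), the following Python parser turns the text export of these APIs / Memory Dump Source / Similarity blocks into structured records, so the API surface and the Similarity string IDs of a sample can be diffed against other samples or fed into a rule. The section names, the "• " bullet prefix and the "Download File" link text glued onto dump names are taken from this page; the sample input is a constructed re-typing of three of the entries above, with the export's indentation.

```python
"""Added example (editor-written, not Joe Sandbox tooling): parse the per-function
APIs / Memory Dump Source / Similarity entries of this report section as they come
out of the text export, assuming the section names and "• " bullets shown here."""
import re
from dataclasses import dataclass, field

HEADERS = {"Control-flow Graph", "APIs", "Strings", "Memory Dump Source",
           "Joe Sandbox IDA Plugin", "Similarity"}
# "• Name.MODULE(arg,arg), ref: ADDR"  or  "• Name.MODULE ref: ADDR" (no argument list)
API_RE = re.compile(r"^• (?P<name>\w+)\.(?P<module>[A-Z0-9_]+)"
                    r"(?:\((?P<args>[^)]*)\))?,? ref: (?P<ref>[0-9A-Fa-f]{8})$")
KV_RE = re.compile(r"^• (?P<key>[^:]+): (?P<value>.*)$")   # "• Key: value" bullets


@dataclass
class ApiCall:
    name: str
    module: str
    args: list
    ref: int            # call-site address as an int


@dataclass
class FunctionEntry:
    apis: list = field(default_factory=list)
    meta: dict = field(default_factory=dict)   # dump source, snapshot, similarity IDs

    def api_names(self):
        return [a.name for a in self.apis]


def parse_entries(text):
    entries, cur, section = [], FunctionEntry(), None
    for raw in text.splitlines():
        line = raw.strip()                     # the export indents every line
        if not line:
            continue
        if line in HEADERS:
            # An APIs or Control-flow Graph header after a populated entry
            # (i.e. after its Similarity block) opens the next function's entry.
            if line in ("Control-flow Graph", "APIs") and cur.meta:
                entries.append(cur)
                cur = FunctionEntry()
            section = line
            continue
        if section == "APIs":
            m = API_RE.match(line)
            if m:
                args = [] if m["args"] is None else [a.strip() for a in m["args"].split(",")]
                cur.apis.append(ApiCall(m["name"], m["module"], args, int(m["ref"], 16)))
        elif section in ("Memory Dump Source", "Joe Sandbox IDA Plugin", "Similarity"):
            m = KV_RE.match(line)
            if m:
                key = m["key"].strip()
                # "Download File" is link text the export glues onto dump names
                val = m["value"].replace("Download File", "").strip()
                cur.meta[key] = f"{cur.meta[key]}; {val}" if key in cur.meta else val
        # Control-flow Graph: the Executed/Not Executed legend and graph dump are skipped
    if cur.apis or cur.meta:
        entries.append(cur)
    return entries


def triage_summary(entries):
    """What to pivot on across samples: the API surface and the Similarity
    string IDs (where the "AutoIt v3" marker above appears)."""
    api_surface = sorted({f"{a.module}!{a.name}" for e in entries for a in e.apis})
    string_ids = [e.meta["String ID"] for e in entries if "String ID" in e.meta]
    return {"api_surface": api_surface, "string_ids": string_ids,
            "autoit_marker": any("AutoIt v3" in s for s in string_ids)}


# Constructed sample: three entries from the report above, re-typed with its indentation.
SAMPLE = """
    Similarity
    • String ID: #$0$AutoIt v3
    APIs
    • __Init_thread_footer.LIBCMT ref: 0017BB4E
    Strings
    Memory Dump Source
    • Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmpDownload File
    Similarity
    • API ID: Init_thread_footer
    Control-flow Graph
    • Executed
    • Not Executed
    APIs
    • DefWindowProcW.USER32(?,?,?,?,?,?,?,?,?,0017316A,?,?), ref: 001731D8
    • KillTimer.USER32(?,00000001,?,?,?,?,?,0017316A,?,?), ref: 00173204
    • SetTimer.USER32(?,00000001,000002EE,00000000), ref: 00173227
    • RegisterWindowMessageW.USER32(TaskbarCreated,?,?,?,?,?,0017316A,?,?), ref: 00173232
    • CreatePopupMenu.USER32 ref: 00173246
    • PostQuitMessage.USER32(00000000), ref: 00173267
    Similarity
    • API ID: MessageTimerWindow$CreateKillMenuPopupPostProcQuitRegister
    • String ID: TaskbarCreated
"""
```

`parse_entries(SAMPLE)` yields three entries; `triage_summary` collapses them into MODULE!Name pairs and flags the "AutoIt v3" string ID. The Control-flow Graph section is skipped on purpose: its flattened dump is only a rendering of the graph image, and the call targets it names already appear in the APIs list of the same entry.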

Control-flow Graph
• [Graph image not reproduced in the text export. Basic blocks shown in the graph: entry 171410; 17144f-171465 mciSendStringW; 1714f8-171503 CoUninitialize; 1716d5-1716f0 UnregisterHotKey; 1b24b8-1b24b9 DestroyWindow; 1b24e2-1b24e5 FindClose; 1b251c-1b251e FreeLibrary; 1b2541-1b255e VirtualFree]
APIs
• mciSendStringW.WINMM(close all,00000000,00000000,00000000), ref: 00171459
• CoUninitialize.COMBASE ref: 001714F8
• UnregisterHotKey.USER32(?), ref: 001716DD
• DestroyWindow.USER32(?), ref: 001B24B9
• FreeLibrary.KERNEL32(?), ref: 001B251E
• VirtualFree.KERNEL32(?,00000000,00008000), ref: 001B254B
Strings
Memory Dump Source
• Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
• Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID: Free$DestroyLibrarySendStringUninitializeUnregisterVirtualWindow
• String ID: close all
• API String ID: 469580280-3243417748
• Opcode ID: 84623a5cfde7d9582a3b99a2a302083eb4c1688a26454a8cb1673c130268e59f
• Instruction ID: 35eb3396b6b4ad36bed689419b8d3effd9453c3b803c93770f94026a58a1bef2
• Opcode Fuzzy Hash: 84623a5cfde7d9582a3b99a2a302083eb4c1688a26454a8cb1673c130268e59f
• Instruction Fuzzy Hash: C8D1AF31701212DFCB29EF18C499AA9F7B0BF15700F25829DE84A6B252DB30ED16CF50

Control-flow Graph
[Graph rendered as an image in the original report; a single block 172c63-172cd3 calling CreateWindowExW twice and ShowWindow twice.]
APIs
• CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,00000000,00000001), ref: 00172C91
• CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,00000000), ref: 00172CB2
• ShowWindow.USER32(00000000,?,?,?,?,?,?,00171CAD,?), ref: 00172CC6
• ShowWindow.USER32(00000000,?,?,?,?,?,?,00171CAD,?), ref: 00172CCF
Strings
Memory Dump Source
• Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
• Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID: Window$CreateShow
• String ID: AutoIt v3$edit
• API String ID: 1584632944-3779509399
• Opcode ID: cc94ccce4310513309d6a1dc2a3cf2ff4c03d25b49d54359279893986adf826d
• Instruction ID: 226ca6bd6226909e470ed6d97aec919dd427b692b3114b325ec551044753993e
• Opcode Fuzzy Hash: cc94ccce4310513309d6a1dc2a3cf2ff4c03d25b49d54359279893986adf826d
• Instruction Fuzzy Hash: 60F0DAB95403947AEB311B17BC4CE777EBDD7C7F50B10009AF900A25A1C66118A4DAB0

Control-flow Graph
[Graph rendered as an image in the original report; block listing covers 173b1c-173b9b, with calls to RegOpenKeyExW, RegQueryValueExW and RegCloseKey.]
APIs
• RegOpenKeyExW.KERNELBASE(80000001,Control Panel\Mouse,00000000,00000001,00000000,?,?,80000001,80000001,?,00173B0F,SwapMouseButtons,00000004,?), ref: 00173B40
• RegQueryValueExW.KERNELBASE(00000000,00000000,00000000,00000000,?,?,?,?,?,80000001,80000001,?,00173B0F,SwapMouseButtons,00000004,?), ref: 00173B61
• RegCloseKey.KERNELBASE(00000000,?,?,?,80000001,80000001,?,00173B0F,SwapMouseButtons,00000004,?), ref: 00173B83
Strings
Memory Dump Source
• Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
• Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID: CloseOpenQueryValue
• String ID: Control Panel\Mouse
• API String ID: 3677997916-824357125
• Opcode ID: 138f0d445479a7193cba85915895900d14140cd3d5f2ba3f60d3c4be4278f98d
• Instruction ID: bee6b08574d2818ae5e27a07925752f6cb5cb86ac0b9b0c9e2a7d17358ab894a
• Opcode Fuzzy Hash: 138f0d445479a7193cba85915895900d14140cd3d5f2ba3f60d3c4be4278f98d
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 89112AB5510208FFDB218FA5DC48AEEB7BCEF04744B10855AA819D7210D3319E40A7A0
                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                        • LoadStringW.USER32(00000065,?,0000007F,00000104), ref: 001B33A2
                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00176B57: _wcslen.LIBCMT ref: 00176B6A
                                                                                                                                                                                                                                                                                                                                                                                        • Shell_NotifyIconW.SHELL32(00000001,?), ref: 00173A04
                                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_170000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                        • API ID: IconLoadNotifyShell_String_wcslen
                                                                                                                                                                                                                                                                                                                                                                                        • String ID: Line:
                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 2289894680-1585850449
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: d31525b2e0dc1561e23bed4f56b4832c32cd31dfb6aa92f02247dc8fbe6ebfd6
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 7d6028626e6e47c2e871faa31a38b81b3520148950665e1e6cc3125f507e7d23
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: d31525b2e0dc1561e23bed4f56b4832c32cd31dfb6aa92f02247dc8fbe6ebfd6
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3631C371408300AAC725EB20EC49BEBB7F8AB95714F10856AF5AD83191EB709698C7C2
                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                        • GetOpenFileNameW.COMDLG32(?), ref: 001B2C8C
                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00173AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00173A97,?,?,00172E7F,?,?,?,00000000), ref: 00173AC2
                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00172DA5: GetLongPathNameW.KERNELBASE(?,?,00007FFF), ref: 00172DC4
                                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_170000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                        • API ID: Name$Path$FileFullLongOpen
                                                                                                                                                                                                                                                                                                                                                                                        • String ID: X$`e#
                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 779396738-321613518
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 03a2d1788a17a14a1ba757845bc70eb3ae78f9e0d78d647ed0010deb22bc3a1e
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 755bc7a3b96db0a2dc4afb779c1c4d03fbd78b76d28d3a794565c5c223b297e3
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 03a2d1788a17a14a1ba757845bc70eb3ae78f9e0d78d647ed0010deb22bc3a1e
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: A121D571A10258AFCB11DF94C809BEE7BFCAF59304F008059E409B7241DBB45A89CF61
                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                        • __CxxThrowException@8.LIBVCRUNTIME ref: 00190668
                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 001932A4: RaiseException.KERNEL32(?,?,?,0019068A,?,00241444,?,?,?,?,?,?,0019068A,00171129,00238738,00171129), ref: 00193304
                                                                                                                                                                                                                                                                                                                                                                                        • __CxxThrowException@8.LIBVCRUNTIME ref: 00190685
                                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_170000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                        • API ID: Exception@8Throw$ExceptionRaise
                                                                                                                                                                                                                                                                                                                                                                                        • String ID: Unknown exception
• API String ID: 3476068407-410509341
• Opcode ID: 338e8dbaaa0717be85434dd28230c956d9fd5abb370ddab53ec7ffaa3cb59ec9
• Instruction ID: c56c6aab3181af3422bf777d930355ed042cffb13d78232b3b2d88ebb661c7c8
• Opcode Fuzzy Hash: 338e8dbaaa0717be85434dd28230c956d9fd5abb370ddab53ec7ffaa3cb59ec9
• Instruction Fuzzy Hash: 6EF06D3490030DBBCF05BAA4D846C9E7B6C9F55350B604635B924D65E2EF71EB66CAC0
APIs
  • Part of subcall function 00171BC3: MapVirtualKeyW.USER32(0000005B,00000000), ref: 00171BF4
  • Part of subcall function 00171BC3: MapVirtualKeyW.USER32(00000010,00000000), ref: 00171BFC
  • Part of subcall function 00171BC3: MapVirtualKeyW.USER32(000000A0,00000000), ref: 00171C07
  • Part of subcall function 00171BC3: MapVirtualKeyW.USER32(000000A1,00000000), ref: 00171C12
  • Part of subcall function 00171BC3: MapVirtualKeyW.USER32(00000011,00000000), ref: 00171C1A
  • Part of subcall function 00171BC3: MapVirtualKeyW.USER32(00000012,00000000), ref: 00171C22
  • Part of subcall function 00171B4A: RegisterWindowMessageW.USER32(00000004,?,001712C4), ref: 00171BA2
• GetStdHandle.KERNEL32(000000F6,00000000,00000000), ref: 0017136A
• OleInitialize.OLE32 ref: 00171388
• CloseHandle.KERNEL32(00000000,00000000), ref: 001B24AB
Memory Dump Source
• Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
• Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID: Virtual$Handle$CloseInitializeMessageRegisterWindow
• String ID:
• API String ID: 1986988660-0
• Opcode ID: a1c42883abd397cd8c92f820e585a8fd59953974b4017df520c50a6bda036696
• Instruction ID: 0570f03d2eb3fc7fd4ebf8707339b205891f05e0d7a942b65d9875b207061098
• Opcode Fuzzy Hash: a1c42883abd397cd8c92f820e585a8fd59953974b4017df520c50a6bda036696
• Instruction Fuzzy Hash: A8719CBC9613048FD388EF79F8496953AF4FB9A344394822AD51AC72A2EB7044F0CF40
APIs
  • Part of subcall function 00173923: Shell_NotifyIconW.SHELL32(00000001,?), ref: 00173A04
• Shell_NotifyIconW.SHELL32(00000001,000003A8), ref: 001DC259
• KillTimer.USER32(?,00000001,?,?), ref: 001DC261
• SetTimer.USER32(?,00000001,000002EE,00000000), ref: 001DC270
Memory Dump Source
• Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
• Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID: IconNotifyShell_Timer$Kill
• String ID:
• API String ID: 3500052701-0
• Opcode ID: 8e68737d1e85e6303552e6552d090d861de33583b957e636e3a4f45abad7ae48
• Instruction ID: eaaf69a1152a15800f70117efc7031fada92cbfa9e274a01b7e562f9a6b49c9e
• Opcode Fuzzy Hash: 8e68737d1e85e6303552e6552d090d861de33583b957e636e3a4f45abad7ae48
• Instruction Fuzzy Hash: 3631D770904354AFEB328F649899BE7BBECAF16704F00089EE5DA93341C3746A84CB91
APIs
• CloseHandle.KERNELBASE(00000000,00000000,?,?,001A85CC,?,00238CC8,0000000C), ref: 001A8704
• GetLastError.KERNEL32(?,001A85CC,?,00238CC8,0000000C), ref: 001A870E
• __dosmaperr.LIBCMT ref: 001A8739
Memory Dump Source
• Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
• Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID: CloseErrorHandleLast__dosmaperr
• String ID:
• API String ID: 2583163307-0
• Opcode ID: 97017a14a0ceb8c2282415ba84cd350b6ba7f27c04fa7600b1ee2eac607fcacc
• Instruction ID: 3cf2abb49e2ddbf053baa5b3aad2e5a5b19f7de67e8cc8438f6529c03c618bf9
• Opcode Fuzzy Hash: 97017a14a0ceb8c2282415ba84cd350b6ba7f27c04fa7600b1ee2eac607fcacc
• Instruction Fuzzy Hash: BB01263EA0962026EB646374A889B7E674A5FD3774F390259F91C8B1D3DFB0CC858190
APIs
• TranslateMessage.USER32(?), ref: 0017DB7B
• DispatchMessageW.USER32(?), ref: 0017DB89
• PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 0017DB9F
• Sleep.KERNELBASE(0000000A), ref: 0017DBB1
• TranslateAcceleratorW.USER32(?,?,?), ref: 001C1CC9
                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID: Message$Translate$AcceleratorDispatchPeekSleep
• String ID:
• API String ID: 3288985973-0
• Opcode ID: 5a721c9664c5af283a2fef1be30d7abcbd036a5c3a38a5a85e4e237fb81b94de
• Instruction ID: 51da56973b559d26fceca1ee475123dfcf9dedaca73dd9e875057204e159b29d
• Opcode Fuzzy Hash: 5a721c9664c5af283a2fef1be30d7abcbd036a5c3a38a5a85e4e237fb81b94de
• Instruction Fuzzy Hash: F2F0FE716443449BE734DBA0AC49FAA73BCEF56310F504619F65A930D1DB70A488CB15
APIs
• __Init_thread_footer.LIBCMT ref: 001817F6
Strings
Similarity
• API ID: Init_thread_footer
• String ID: CALL
• API String ID: 1385522511-4196123274
• Opcode ID: d95c2b462b73590fb4fb97a16be517b08fef96d4f71ea7925ceff8a020f6571f
• Instruction ID: 1121d6a208d2e73a011985e43222a9e6c6efa57208bcad63932ccac4daf73a10
• Opcode Fuzzy Hash: d95c2b462b73590fb4fb97a16be517b08fef96d4f71ea7925ceff8a020f6571f
• Instruction Fuzzy Hash: A7228A71608241AFC714EF14C484B2ABBF5BF96314F24896DF49A8B3A1D771EA46CF42
APIs
  • Part of subcall function 001A2D74: GetLastError.KERNEL32(?,?,001A5686,001B3CD6,?,00000000,?,001A5B6A,?,?,?,?,?,0019E6D1,?,00238A48), ref: 001A2D78
  • Part of subcall function 001A2D74: _free.LIBCMT ref: 001A2DAB
  • Part of subcall function 001A2D74: SetLastError.KERNEL32(00000000,?,?,?,?,0019E6D1,?,00238A48,00000010,00174F4A,?,?,00000000,001B3CD6), ref: 001A2DEC
  • Part of subcall function 001A2D74: _abort.LIBCMT ref: 001A2DF2
  • Part of subcall function 001ACADA: _abort.LIBCMT ref: 001ACB0C
  • Part of subcall function 001ACADA: _free.LIBCMT ref: 001ACB40
  • Part of subcall function 001AC74F: GetOEMCP.KERNEL32(00000000), ref: 001AC77A
• _free.LIBCMT ref: 001ACA33
• _free.LIBCMT ref: 001ACA69
Similarity
• API ID: _free$ErrorLast_abort
• String ID:
• API String ID: 2991157371-0
• Opcode ID: 108d589de2feef310fdc21043701e5461da171f4be23301aa4763cea2d43cd25
• Instruction ID: 1ff17d06234a6d2714881d9b083661865a6c1759be24a44441af068cf453266d
• Opcode Fuzzy Hash: 108d589de2feef310fdc21043701e5461da171f4be23301aa4763cea2d43cd25
• Instruction Fuzzy Hash: A631E53990420CAFDB11EBA8D445BBDB7F5EF52320F210199E8159B2A2FB719E41DB90
APIs
• Shell_NotifyIconW.SHELL32(00000000,?), ref: 00173908
Memory Dump Source
• Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
• Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_170000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                        • API ID: IconNotifyShell_
                                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 1144537725-0
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: bbb750a26566ff69fe2596cac31b25fecf90d96f3a8d725e2f2937414d5318bf
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 4efb5a65ad7474d3d253c933b2399734698d3061c14579f42104d7ef2617d8d0
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: bbb750a26566ff69fe2596cac31b25fecf90d96f3a8d725e2f2937414d5318bf
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D83191B45043019FD720DF24E888797BBF8FB49708F00096EF6A983250E771AA54DB52
APIs
• timeGetTime.WINMM ref: 0018F661
  • Part of subcall function 0017D730: GetInputState.USER32 ref: 0017D807
• Sleep.KERNEL32(00000000), ref: 001CF2DE
Memory Dump Source
• Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
• Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID: InputSleepStateTimetime
• String ID:
• API String ID: 4149333218-0
• Opcode ID: eab5466d4203e33549c94b753206a862364ff812d5c3614f612d5ddcea1a66be
• Instruction ID: 9c40fff935b43aa861d9c90397fd03795dbf8955070944ed8cee546f118e5765
• Opcode Fuzzy Hash: eab5466d4203e33549c94b753206a862364ff812d5c3614f612d5ddcea1a66be
• Instruction Fuzzy Hash: AEF08C712442059FD314EF69E489B6AB7F8EF55761F00412DE85DC72A1DB70A800CB91
Memory Dump Source
• Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
• Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: ef456ae5aa1713af794d08026774806037e995a93711f10947625120cd13c686
• Instruction ID: 2a6193a8a9e04cb8816aae4cb2926c35a0b1b7c93ca8c352237b15678142eadd
• Opcode Fuzzy Hash: ef456ae5aa1713af794d08026774806037e995a93711f10947625120cd13c686
• Instruction Fuzzy Hash: F731D671100200CBC73D9EA8DC89B7DB3B19F91712F65C92DE58D9B951C735AC82DB52
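The function entries above list each routine's imported API calls, including the timeGetTime / GetInputState / Sleep sequence, in a fixed text layout. When a report contains hundreds of such entries, it is faster to pull the API chains out mechanically and flag the ones worth opening in a disassembler. The script below is an added example, not Joe Sandbox code or the report's own tooling: it parses entries in that layout, collects the APIs called by each function (including "Part of subcall function" lines), records any symbol names passed to GetProcAddress, and matches the resulting API set against a small heuristic rule list. The sample text is constructed for the example in the report's layout, the rule list is an assumption chosen for illustration, and a hit is a triage pointer rather than a verdict (a timeGetTime plus Sleep loop also appears in ordinary delay routines).

```python
"""Extract API chains from Joe Sandbox-style function entries and flag
heuristic patterns. Added example; the rules and the sample are assumptions."""
import re
from typing import Dict, List, Set, Tuple

# Constructed sample in the layout of the report's function entries
# (addresses and IDs are illustrative, not taken from the report).
SAMPLE_ENTRIES = """\
APIs
• Shell_NotifyIconW.SHELL32(00000000,?), ref: 00173908
Memory Dump Source
• Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
Similarity
• API ID: IconNotifyShell_
• Opcode ID: 0a0a0a0a
APIs
• timeGetTime.WINMM ref: 0018F661
  • Part of subcall function 0017D730: GetInputState.USER32 ref: 0017D807
• Sleep.KERNEL32(00000000), ref: 001CF2DE
Similarity
• API ID: InputSleepStateTimetime
• Opcode ID: 0b0b0b0b
APIs
  • Part of subcall function 00174E90: LoadLibraryA.KERNEL32(kernel32.dll,?,?,00174EDD), ref: 00174E9C
  • Part of subcall function 00174E90: GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 00174EAE
• LoadLibraryExW.KERNEL32(?,00000000,00000002,?), ref: 00174EFD
Similarity
• API ID: Library$Load$AddressFreeProc
• Opcode ID: 0c0c0c0c
"""

# "• Api.MODULE(args), ref: addr", optionally prefixed by a subcall marker.
BULLET_API = re.compile(
    r"^\s*•\s*(?:Part of subcall function [0-9A-Fa-f]+:\s*)?"
    r"(?P<api>\w+)\.(?P<module>\w+)(?:\((?P<args>[^)]*)\))?"
)
OPCODE_ID = re.compile(r"^\s*•\s*Opcode ID:\s*(?P<id>[0-9a-fA-F]+)")

# Heuristic rules (assumed for this example): (name, all-of, any-of).
# all-of must all be present; any-of, when non-empty, needs one member.
CHAIN_RULES: List[Tuple[str, Set[str], Set[str]]] = [
    ("timing-loop", {"timeGetTime", "Sleep"}, set()),
    ("dynamic-api-resolution", {"GetProcAddress"},
     {"LoadLibraryA", "LoadLibraryW", "LoadLibraryExA", "LoadLibraryExW",
      "GetModuleHandleA", "GetModuleHandleW"}),
]

def _is_placeholder(arg: str) -> bool:
    """Report arguments are either hex values, '?' or literal strings."""
    return re.fullmatch(r"[0-9A-Fa-f]+|\?", arg) is not None

def _new_entry() -> Dict:
    return {"opcode_id": None, "apis": [], "resolved": []}

def parse_entries(text: str) -> List[Dict]:
    """Group API lines into function entries, closed by their Opcode ID line."""
    entries, current = [], None
    for line in text.splitlines():
        m = BULLET_API.match(line)
        if m:
            current = current or _new_entry()
            args = [a.strip() for a in (m.group("args") or "").split(",") if a.strip()]
            current["apis"].append((m.group("api"), m.group("module"), args))
            # Second GetProcAddress argument is the symbol being resolved.
            if m.group("api") == "GetProcAddress" and len(args) >= 2 \
                    and not _is_placeholder(args[1]):
                current["resolved"].append(args[1])
            continue
        m = OPCODE_ID.match(line)
        if m:
            current = current or _new_entry()
            current["opcode_id"] = m.group("id").lower()
            entries.append(current)
            current = None
    if current is not None:          # truncated export: keep the partial entry
        entries.append(current)
    return entries

def match_chains(entry: Dict) -> List[str]:
    """Names of rules whose API requirements the entry satisfies."""
    names = {api for api, _, _ in entry["apis"]}
    return [rule for rule, all_of, any_of in CHAIN_RULES
            if all_of <= names and (not any_of or any_of & names)]

def triage(text: str) -> List[Tuple[str, List[str], List[str]]]:
    """(opcode_id, matched rules, resolved symbols) for every flagged entry."""
    return [(e["opcode_id"], match_chains(e), e["resolved"])
            for e in parse_entries(text) if match_chains(e)]

if __name__ == "__main__":
    for opcode_id, rules, resolved in triage(SAMPLE_ENTRIES):
        print(opcode_id, ",".join(rules), resolved)
```

Point `triage()` at the text export of a whole report to get a short list of opcode IDs to open in the disassembler; the resolved-symbol column surfaces names passed to GetProcAddress, which is where the Wow64 redirection and other late-bound calls show up even when the import table is bland.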
APIs
  • Part of subcall function 00174E90: LoadLibraryA.KERNEL32(kernel32.dll,?,?,00174EDD,?,00241418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00174E9C
  • Part of subcall function 00174E90: GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 00174EAE
  • Part of subcall function 00174E90: FreeLibrary.KERNEL32(00000000,?,?,00174EDD,?,00241418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00174EC0
• LoadLibraryExW.KERNEL32(?,00000000,00000002,?,00241418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00174EFD
  • Part of subcall function 00174E59: LoadLibraryA.KERNEL32(kernel32.dll,?,?,001B3CDE,?,00241418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00174E62
  • Part of subcall function 00174E59: GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 00174E74
  • Part of subcall function 00174E59: FreeLibrary.KERNEL32(00000000,?,?,001B3CDE,?,00241418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00174E87
Memory Dump Source
• Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
• Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID: Library$Load$AddressFreeProc
• String ID:
• API String ID: 2632591731-0
• Opcode ID: 21d26bd06d5ec07a960bbf392dd758e5905edb00d2cc0e180a02a1eccd947968
• Instruction ID: 110fb176811284d2f9e57831adb8812dc1e1efa39fcbefebb9a75544e16f9c63
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 21d26bd06d5ec07a960bbf392dd758e5905edb00d2cc0e180a02a1eccd947968
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: A111E332610305ABDF14FB64DC06FAD77B5AF60710F20C42EF54AA61C2EFB4AA559790
                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_170000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                        • API ID: __wsopen_s
                                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 3347428461-0
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 74bd8a23746ed8dfeed2e42a02481455dc6b7e4ea6272b47d01a64e9ecf5562f
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 331d8fcbe32e720a86895ce58feaa019932448693f498b347dbfa76d8d2e46c0
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 74bd8a23746ed8dfeed2e42a02481455dc6b7e4ea6272b47d01a64e9ecf5562f
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: E311187590420AAFCB05DF58E945A9A7BF9EF49314F114059F808AB312DB31EA11CBA5
                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_170000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: d6c69ec2a70ac845cc05b5f137181c3f07394ab8b33ef369e8c7ef627d5c9574
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 702d0052419437bd937ca92d62c45816321bebc8491b732ae69805e6521d3c53
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: d6c69ec2a70ac845cc05b5f137181c3f07394ab8b33ef369e8c7ef627d5c9574
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8BF0F436510E10AADF317A69DC05B5A33D89FB3334F100719F824972D2DB70D8028AA5
                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                        • RtlAllocateHeap.NTDLL(00000000,?,00241444,?,0018FDF5,?,?,0017A976,00000010,00241440,001713FC,?,001713C6,?,00171129), ref: 001A3852
                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_170000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                        • API ID: AllocateHeap
                                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 1279760036-0
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 09e565c0982f75da8cbb3514a691ec8189c09f1adc060dfe24fad27d8ef20352
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 60a928235fc0e7965480236c6c107bff76e9b722d7a0c93314cdaf3153c5f333
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 09e565c0982f75da8cbb3514a691ec8189c09f1adc060dfe24fad27d8ef20352
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: B5E02B3950122467DB312B779C04F9B3B48AF437B0F150334BC34924D1DB18DD0282E0
                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                        • FreeLibrary.KERNEL32(?,?,00241418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00174F6D
                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID: FreeLibrary
• String ID:
• API String ID: 3664257935-0
APIs
• IsWindow.USER32(00000000), ref: 00202A66
Memory Dump Source
• Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
Similarity
• API ID: Window
• String ID:
• API String ID: 2353593579-0
APIs
• Shell_NotifyIconW.SHELL32(00000002,?), ref: 0017314E
Similarity
• API ID: IconNotifyShell_
• String ID:
• API String ID: 1144537725-0
APIs
• GetLongPathNameW.KERNELBASE(?,?,00007FFF), ref: 00172DC4
  • Part of subcall function 00176B57: _wcslen.LIBCMT ref: 00176B6A
Similarity
• API ID: LongNamePath_wcslen
• String ID:
• API String ID: 541455249-0
APIs
  • Part of subcall function 00173837: Shell_NotifyIconW.SHELL32(00000000,?), ref: 00173908
  • Part of subcall function 0017D730: GetInputState.USER32 ref: 0017D807
• SetCurrentDirectoryW.KERNEL32(?), ref: 00172B6B
  • Part of subcall function 001730F2: Shell_NotifyIconW.SHELL32(00000002,?), ref: 0017314E
                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_170000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                        • API ID: IconNotifyShell_$CurrentDirectoryInputState
                                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 3667716007-0
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 04f16f6f4f3673358073dca75e64912ec866baceb760db3ea49e98d85205d8a6
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 4a49bd8a48f849c3d1427fd125ee02b8f1acfd44294e775a62584a215a34eb60
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 04f16f6f4f3673358073dca75e64912ec866baceb760db3ea49e98d85205d8a6
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 56E0862130424806C708BB75B85656DB7799BF2355F40953EF15A471A3CF64459A4252
                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                        • CreateFileW.KERNELBASE(00000000,00000000,?,001B0704,?,?,00000000,?,001B0704,00000000,0000000C), ref: 001B03B7
                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_170000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                        • API ID: CreateFile
                                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 823142352-0
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 413e2bb0f0a859c205b927571ad540893d4b2546e6a27699aac1c01fcf42b0a3
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: e0be338f7c66944a2d3b4d451647c68d0f3571f28244f15afe0adbe717cbdd43
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 413e2bb0f0a859c205b927571ad540893d4b2546e6a27699aac1c01fcf42b0a3
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5BD06C3204020DBBDF028F84ED06EDA3BAAFB48714F114100BE1856021C732E821AB90
                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                        • SystemParametersInfoW.USER32(00002001,00000000,00000002), ref: 00171CBC
                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_170000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                        • API ID: InfoParametersSystem
                                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 3098949447-0
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: a757823319cd6f9eb0c193daab968315c348eab6f799324a45261f6cfb6e7318
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 9cb94bad57737d2fd0ef88793c8235d720e34cd35206cd711c301e693656f733
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: a757823319cd6f9eb0c193daab968315c348eab6f799324a45261f6cfb6e7318
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 50C0923E280304EFF3188B80BC4EF107BA4E349F00F948001F609B95E3C3A22860EA50
                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00189BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00189BB2
                                                                                                                                                                                                                                                                                                                                                                                        • DefDlgProcW.USER32(?,0000004E,?,?,?,?,?,?), ref: 0020961A
                                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 0020965B
                                                                                                                                                                                                                                                                                                                                                                                        • GetWindowLongW.USER32(FFFFFDD9,000000F0), ref: 0020969F
                                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 002096C9
                                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32 ref: 002096F2
                                                                                                                                                                                                                                                                                                                                                                                        • GetKeyState.USER32(00000011), ref: 0020978B
                                                                                                                                                                                                                                                                                                                                                                                        • GetKeyState.USER32(00000009), ref: 00209798
                                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 002097AE
                                                                                                                                                                                                                                                                                                                                                                                        • GetKeyState.USER32(00000010), ref: 002097B8
                                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 002097E9
                                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32 ref: 00209810
                                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00001030,?,00207E95), ref: 00209918
                                                                                                                                                                                                                                                                                                                                                                                        • ImageList_SetDragCursorImage.COMCTL32(00000000,00000000,00000000,?,?,?), ref: 0020992E
• ImageList_BeginDrag.COMCTL32(00000000,000000F8,000000F0), ref: 00209941
• SetCapture.USER32(?), ref: 0020994A
• ClientToScreen.USER32(?,?), ref: 002099AF
• ImageList_DragEnter.COMCTL32(00000000,?,?), ref: 002099BC
• InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 002099D6
• ReleaseCapture.USER32 ref: 002099E1
• GetCursorPos.USER32(?), ref: 00209A19
• ScreenToClient.USER32(?,?), ref: 00209A26
• SendMessageW.USER32(?,00001012,00000000,?), ref: 00209A80
• SendMessageW.USER32 ref: 00209AAE
• SendMessageW.USER32(?,00001111,00000000,?), ref: 00209AEB
• SendMessageW.USER32 ref: 00209B1A
• SendMessageW.USER32(?,0000110B,00000009,00000000), ref: 00209B3B
• SendMessageW.USER32(?,0000110B,00000009,?), ref: 00209B4A
• GetCursorPos.USER32(?), ref: 00209B68
• ScreenToClient.USER32(?,?), ref: 00209B75
• GetParent.USER32(?), ref: 00209B93
• SendMessageW.USER32(?,00001012,00000000,?), ref: 00209BFA
• SendMessageW.USER32 ref: 00209C2B
• ClientToScreen.USER32(?,?), ref: 00209C84
• TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000), ref: 00209CB4
• SendMessageW.USER32(?,00001111,00000000,?), ref: 00209CDE
• SendMessageW.USER32 ref: 00209D01
• ClientToScreen.USER32(?,?), ref: 00209D4E
• TrackPopupMenuEx.USER32(?,00000080,?,?,?,00000000), ref: 00209D82
  • Part of subcall function 00189944: GetWindowLongW.USER32(?,000000EB), ref: 00189952
• GetWindowLongW.USER32(?,000000F0), ref: 00209E05
Strings
Memory Dump Source
• Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
• Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID: MessageSend$ClientScreen$ImageLongWindow$CursorDragList_State$CaptureMenuPopupTrack$BeginEnterInvalidateParentProcRectRelease
• String ID: @GUI_DRAGID$F$p#$
• API String ID: 3429851547-3607781724
• Opcode ID: 1ffb44cd79d0a266fdca5b1fd415becf6ad0930b64df3f6545d11ad51b8b20cf
• Instruction ID: 0529b5e668eb4740124277b69d7ff2a0c8e700d9d974f9675f860ca4ea6383c7
• Opcode Fuzzy Hash: 1ffb44cd79d0a266fdca5b1fd415becf6ad0930b64df3f6545d11ad51b8b20cf
• Instruction Fuzzy Hash: 80428075518301AFD724CF24DC48AAABBE9FF89310F144619F656872E3D77298A0CF51
                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(00000000,00000408,00000000,00000000), ref: 002048F3
                                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(00000000,00000188,00000000,00000000), ref: 00204908
                                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(00000000,0000018A,00000000,00000000), ref: 00204927
                                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00000148,00000000,00000000), ref: 0020494B
                                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(00000000,00000147,00000000,00000000), ref: 0020495C
                                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(00000000,00000149,00000000,00000000), ref: 0020497B
                                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(00000000,0000130B,00000000,00000000), ref: 002049AE
                                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(00000000,0000133C,00000000,?), ref: 002049D4
                                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(00000000,0000110A,00000009,00000000), ref: 00204A0F
                                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(00000000,0000113E,00000000,00000004), ref: 00204A56
                                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(00000000,0000113E,00000000,00000004), ref: 00204A7E
                                                                                                                                                                                                                                                                                                                                                                                        • IsMenu.USER32(?), ref: 00204A97
                                                                                                                                                                                                                                                                                                                                                                                        • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00204AF2
                                                                                                                                                                                                                                                                                                                                                                                        • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00204B20
                                                                                                                                                                                                                                                                                                                                                                                        • GetWindowLongW.USER32(?,000000F0), ref: 00204B94
                                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,0000113E,00000000,00000008), ref: 00204BE3
                                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(00000000,00001001,00000000,?), ref: 00204C82
                                                                                                                                                                                                                                                                                                                                                                                        • wsprintfW.USER32 ref: 00204CAE
                                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00204CC9
                                                                                                                                                                                                                                                                                                                                                                                        • GetWindowTextW.USER32(?,00000000,00000001), ref: 00204CF1
                                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(00000000,000000F0,00000000,00000000), ref: 00204D13
                                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00204D33
                                                                                                                                                                                                                                                                                                                                                                                        • GetWindowTextW.USER32(?,00000000,00000001), ref: 00204D5A
                                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID: MessageSend$MenuWindow$InfoItemText$Longwsprintf
• String ID: %d/%02d/%02d
• API String ID: 4054740463-328681919
• Opcode ID: e972371e8e34f13bba26bb349abfd9a62f219aab0c68b5f17c22f07c5bd6c7fd
• Instruction ID: 9c909f3bca514e0d6d7e2b6731f21919717b9c83c30c7d453abe95f01cf0b080
• Opcode Fuzzy Hash: e972371e8e34f13bba26bb349abfd9a62f219aab0c68b5f17c22f07c5bd6c7fd
• Instruction Fuzzy Hash: 6D1214B1610305ABEB24AF24DC49FAE7BF8EF85710F108229F615DB2E2DB749951CB50
APIs
• GetForegroundWindow.USER32(00000000,00000000,00000000), ref: 0018F998
• FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 001CF474
• IsIconic.USER32(00000000), ref: 001CF47D
• ShowWindow.USER32(00000000,00000009), ref: 001CF48A
• SetForegroundWindow.USER32(00000000), ref: 001CF494
• GetWindowThreadProcessId.USER32(00000000,00000000), ref: 001CF4AA
• GetCurrentThreadId.KERNEL32 ref: 001CF4B1
• GetWindowThreadProcessId.USER32(00000000,00000000), ref: 001CF4BD
• AttachThreadInput.USER32(?,00000000,00000001), ref: 001CF4CE
• AttachThreadInput.USER32(?,00000000,00000001), ref: 001CF4D6
• AttachThreadInput.USER32(00000000,000000FF,00000001), ref: 001CF4DE
• SetForegroundWindow.USER32(00000000), ref: 001CF4E1
• MapVirtualKeyW.USER32(00000012,00000000), ref: 001CF4F6
• keybd_event.USER32(00000012,00000000), ref: 001CF501
• MapVirtualKeyW.USER32(00000012,00000000), ref: 001CF50B
• keybd_event.USER32(00000012,00000000), ref: 001CF510
• MapVirtualKeyW.USER32(00000012,00000000), ref: 001CF519
• keybd_event.USER32(00000012,00000000), ref: 001CF51E
• MapVirtualKeyW.USER32(00000012,00000000), ref: 001CF528
• keybd_event.USER32(00000012,00000000), ref: 001CF52D
• SetForegroundWindow.USER32(00000000), ref: 001CF530
• AttachThreadInput.USER32(?,000000FF,00000000), ref: 001CF557
Strings
Memory Dump Source
• Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
• Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID: Window$Thread$AttachForegroundInputVirtualkeybd_event$Process$CurrentFindIconicShow
• String ID: Shell_TrayWnd
• API String ID: 4125248594-2988720461
• Opcode ID: 861a4d8ba2ae45b1a7380a1f96ab5db3e9d176a921d14ce3807029b6fcf572cb
• Instruction ID: 419f40ed8d5973a696b422451baff768e24610e51e00418d3a83df1094f77578
• Opcode Fuzzy Hash: 861a4d8ba2ae45b1a7380a1f96ab5db3e9d176a921d14ce3807029b6fcf572cb
• Instruction Fuzzy Hash: F43153B1A40318BBEB246BB55C49FBF7E6DEB44B50F210129F600E61D2C7B19D01AA60
APIs
  • Part of subcall function 001D16C3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 001D170D
  • Part of subcall function 001D16C3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 001D173A
  • Part of subcall function 001D16C3: GetLastError.KERNEL32 ref: 001D174A
• LogonUserW.ADVAPI32(?,?,?,00000000,00000000,?), ref: 001D1286
• DuplicateTokenEx.ADVAPI32(?,00000000,00000000,00000002,00000001,?), ref: 001D12A8
• CloseHandle.KERNEL32(?), ref: 001D12B9
• OpenWindowStationW.USER32(winsta0,00000000,00060000), ref: 001D12D1
• GetProcessWindowStation.USER32 ref: 001D12EA
• SetProcessWindowStation.USER32(00000000), ref: 001D12F4
• OpenDesktopW.USER32(default,00000000,00000000,00060081), ref: 001D1310
  • Part of subcall function 001D10BF: AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,001D11FC), ref: 001D10D4
  • Part of subcall function 001D10BF: CloseHandle.KERNEL32(?,?,001D11FC), ref: 001D10E9
Strings
Memory Dump Source
• Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
• Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID: StationTokenWindow$AdjustCloseHandleOpenPrivilegesProcess$DesktopDuplicateErrorLastLogonLookupPrivilegeUserValue
• String ID: $default$winsta0$Z#
• API String ID: 22674027-1370318574
• Opcode ID: e6ff145dcfe64562f989c65abe306d8d98bdb4f01943007d64705836f0e7ce3f
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: ae657e4d14fa90dbe357078e4cc44fdf3bfdd38f7a8de8e94857a122204e08b8
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e6ff145dcfe64562f989c65abe306d8d98bdb4f01943007d64705836f0e7ce3f
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 42818CB1900309BFDF219FA4DC49FEE7BB9EF08704F14422AF910A62A1D7758A55CB61
                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 001D10F9: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 001D1114
                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 001D10F9: GetLastError.KERNEL32(?,00000000,00000000,?,?,001D0B9B,?,?,?), ref: 001D1120
                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 001D10F9: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,001D0B9B,?,?,?), ref: 001D112F
                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 001D10F9: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,001D0B9B,?,?,?), ref: 001D1136
                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 001D10F9: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 001D114D
                                                                                                                                                                                                                                                                                                                                                                                        • GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 001D0BCC
                                                                                                                                                                                                                                                                                                                                                                                        • GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 001D0C00
                                                                                                                                                                                                                                                                                                                                                                                        • GetLengthSid.ADVAPI32(?), ref: 001D0C17
                                                                                                                                                                                                                                                                                                                                                                                        • GetAce.ADVAPI32(?,00000000,?), ref: 001D0C51
                                                                                                                                                                                                                                                                                                                                                                                        • AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 001D0C6D
                                                                                                                                                                                                                                                                                                                                                                                        • GetLengthSid.ADVAPI32(?), ref: 001D0C84
                                                                                                                                                                                                                                                                                                                                                                                        • GetProcessHeap.KERNEL32(00000008,00000008), ref: 001D0C8C
                                                                                                                                                                                                                                                                                                                                                                                        • HeapAlloc.KERNEL32(00000000), ref: 001D0C93
                                                                                                                                                                                                                                                                                                                                                                                        • GetLengthSid.ADVAPI32(?,00000008,?), ref: 001D0CB4
                                                                                                                                                                                                                                                                                                                                                                                        • CopySid.ADVAPI32(00000000), ref: 001D0CBB
                                                                                                                                                                                                                                                                                                                                                                                        • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 001D0CEA
                                                                                                                                                                                                                                                                                                                                                                                        • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 001D0D0C
                                                                                                                                                                                                                                                                                                                                                                                        • SetUserObjectSecurity.USER32(?,00000004,?), ref: 001D0D1E
                                                                                                                                                                                                                                                                                                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000000), ref: 001D0D45
                                                                                                                                                                                                                                                                                                                                                                                        • HeapFree.KERNEL32(00000000), ref: 001D0D4C
                                                                                                                                                                                                                                                                                                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000000), ref: 001D0D55
                                                                                                                                                                                                                                                                                                                                                                                        • HeapFree.KERNEL32(00000000), ref: 001D0D5C
                                                                                                                                                                                                                                                                                                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000000), ref: 001D0D65
                                                                                                                                                                                                                                                                                                                                                                                        • HeapFree.KERNEL32(00000000), ref: 001D0D6C
                                                                                                                                                                                                                                                                                                                                                                                        • GetProcessHeap.KERNEL32(00000000,?), ref: 001D0D78
                                                                                                                                                                                                                                                                                                                                                                                        • HeapFree.KERNEL32(00000000), ref: 001D0D7F
                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 001D1193: GetProcessHeap.KERNEL32(00000008,001D0BB1,?,00000000,?,001D0BB1,?), ref: 001D11A1
                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 001D1193: HeapAlloc.KERNEL32(00000000,?,00000000,?,001D0BB1,?), ref: 001D11A8
                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 001D1193: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,001D0BB1,?), ref: 001D11B7
                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_170000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                        • API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
                                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 4175595110-0
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 15feddc8cce8dcb217f8623e2e01ee2bee5280442436eb7fe396f1a957a7ef16
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 1247d94bc3a7492e19d64d240f51e06fbf8f63ab521e1d2d635a7fd74af8159a
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 15feddc8cce8dcb217f8623e2e01ee2bee5280442436eb7fe396f1a957a7ef16
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: C8716EB190020AAFDF11DFE4DC48FAEBBB9BF09310F144666F914A7291D775AA05CB60
                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                        • OpenClipboard.USER32(0020CC08), ref: 001EEB29
                                                                                                                                                                                                                                                                                                                                                                                        • IsClipboardFormatAvailable.USER32(0000000D), ref: 001EEB37
                                                                                                                                                                                                                                                                                                                                                                                        • GetClipboardData.USER32(0000000D), ref: 001EEB43
                                                                                                                                                                                                                                                                                                                                                                                        • CloseClipboard.USER32 ref: 001EEB4F
                                                                                                                                                                                                                                                                                                                                                                                        • GlobalLock.KERNEL32(00000000), ref: 001EEB87
                                                                                                                                                                                                                                                                                                                                                                                        • CloseClipboard.USER32 ref: 001EEB91
                                                                                                                                                                                                                                                                                                                                                                                        • GlobalUnlock.KERNEL32(00000000), ref: 001EEBBC
                                                                                                                                                                                                                                                                                                                                                                                        • IsClipboardFormatAvailable.USER32(00000001), ref: 001EEBC9
                                                                                                                                                                                                                                                                                                                                                                                        • GetClipboardData.USER32(00000001), ref: 001EEBD1
                                                                                                                                                                                                                                                                                                                                                                                        • GlobalLock.KERNEL32(00000000), ref: 001EEBE2
                                                                                                                                                                                                                                                                                                                                                                                        • GlobalUnlock.KERNEL32(00000000), ref: 001EEC22
                                                                                                                                                                                                                                                                                                                                                                                        • IsClipboardFormatAvailable.USER32(0000000F), ref: 001EEC38
• GetClipboardData.USER32(0000000F), ref: 001EEC44
• GlobalLock.KERNEL32(00000000), ref: 001EEC55
• DragQueryFileW.SHELL32(00000000,000000FF,00000000,00000000), ref: 001EEC77
• DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 001EEC94
• DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 001EECD2
• GlobalUnlock.KERNEL32(00000000), ref: 001EECF3
• CountClipboardFormats.USER32 ref: 001EED14
• CloseClipboard.USER32 ref: 001EED59
Memory Dump Source
• Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
• Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID: Clipboard$Global$AvailableCloseDataDragFileFormatLockQueryUnlock$CountFormatsOpen
• String ID:
• API String ID: 420908878-0
• Opcode ID: 578bb9e47d25ad39bc55aac2197c52db43fcb04d2a389e4ffbad53466673d734
• Instruction ID: cd82408e9e02c91bc9534c686cdda850ce858ca08da3780b756ed6cac57b449d
• Opcode Fuzzy Hash: 578bb9e47d25ad39bc55aac2197c52db43fcb04d2a389e4ffbad53466673d734
• Instruction Fuzzy Hash: 6461DF742047419FD310EF61E889F2EB7E8BF94714F248619F85A972A2DB31DD09CB62
APIs
• FindFirstFileW.KERNEL32(?,?), ref: 001E69BE
• FindClose.KERNEL32(00000000), ref: 001E6A12
• FileTimeToLocalFileTime.KERNEL32(?,?), ref: 001E6A4E
• FileTimeToLocalFileTime.KERNEL32(?,?), ref: 001E6A75
  • Part of subcall function 00179CB3: _wcslen.LIBCMT ref: 00179CBD
• FileTimeToSystemTime.KERNEL32(?,?), ref: 001E6AB2
• FileTimeToSystemTime.KERNEL32(?,?), ref: 001E6ADF
Strings
Memory Dump Source
• Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
• Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID: Time$File$FindLocalSystem$CloseFirst_wcslen
• String ID: %02d$%03d$%4d$%4d%02d%02d%02d%02d%02d$%4d%02d%02d%02d%02d%02d%03d
• API String ID: 3830820486-3289030164
• Opcode ID: ff8d8229133c4f9d02aaf3bdb24f698202f3c76da23b4ddefaf5b20c67e5f78a
• Instruction ID: a1f2cf111393342559e3662473fdaa0bf1b772a339f2689ecb2813c6afc00ebf
• Opcode Fuzzy Hash: ff8d8229133c4f9d02aaf3bdb24f698202f3c76da23b4ddefaf5b20c67e5f78a
• Instruction Fuzzy Hash: 6FD16FB1508340AEC710EBA4D885EAFB7FCAFA9704F44491DF589C7191EB34DA08CB62
APIs
• FindFirstFileW.KERNEL32(?,?,74DE8FB0,?,00000000), ref: 001E9663
• GetFileAttributesW.KERNEL32(?), ref: 001E96A1
• SetFileAttributesW.KERNEL32(?,?), ref: 001E96BB
• FindNextFileW.KERNEL32(00000000,?), ref: 001E96D3
• FindClose.KERNEL32(00000000), ref: 001E96DE
• FindFirstFileW.KERNEL32(*.*,?), ref: 001E96FA
• SetCurrentDirectoryW.KERNEL32(?), ref: 001E974A
• SetCurrentDirectoryW.KERNEL32(00236B7C), ref: 001E9768
• FindNextFileW.KERNEL32(00000000,00000010), ref: 001E9772
• FindClose.KERNEL32(00000000), ref: 001E977F
• FindClose.KERNEL32(00000000), ref: 001E978F
Strings
Memory Dump Source
• Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
• Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID: Find$File$Close$AttributesCurrentDirectoryFirstNext
• String ID: *.*
• API String ID: 1409584000-438819550
• Opcode ID: 13eadbf9d0ae685bcb06023878b5553bef064c069a53bf35ea5f083c36f90eba
• Instruction ID: 720e9b53d8f9279766b2e23f60d257c885a96eae468c3d8fe123c44aa20562eb
• Opcode Fuzzy Hash: 13eadbf9d0ae685bcb06023878b5553bef064c069a53bf35ea5f083c36f90eba
• Instruction Fuzzy Hash: C331D372900A597EDF24AFB5EC4DADE77ACAF09360F204166F905E2092DB30DD448F50
APIs
• FindFirstFileW.KERNEL32(?,?,74DE8FB0,?,00000000), ref: 001E97BE
                                                                                                                                                                                                                                                                                                                                                                                        • FindNextFileW.KERNEL32(00000000,?), ref: 001E9819
                                                                                                                                                                                                                                                                                                                                                                                        • FindClose.KERNEL32(00000000), ref: 001E9824
                                                                                                                                                                                                                                                                                                                                                                                        • FindFirstFileW.KERNEL32(*.*,?), ref: 001E9840
                                                                                                                                                                                                                                                                                                                                                                                        • SetCurrentDirectoryW.KERNEL32(?), ref: 001E9890
                                                                                                                                                                                                                                                                                                                                                                                        • SetCurrentDirectoryW.KERNEL32(00236B7C), ref: 001E98AE
                                                                                                                                                                                                                                                                                                                                                                                        • FindNextFileW.KERNEL32(00000000,00000010), ref: 001E98B8
                                                                                                                                                                                                                                                                                                                                                                                        • FindClose.KERNEL32(00000000), ref: 001E98C5
                                                                                                                                                                                                                                                                                                                                                                                        • FindClose.KERNEL32(00000000), ref: 001E98D5
                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 001DDAE5: CreateFileW.KERNEL32(?,40000000,00000001,00000000,00000003,02000080,00000000), ref: 001DDB00
                                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_170000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                        • API ID: Find$File$Close$CurrentDirectoryFirstNext$Create
                                                                                                                                                                                                                                                                                                                                                                                        • String ID: *.*
                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 2640511053-438819550
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 80e63f2f89b471ddf9fb1789ec0fe2d0e522e70ab6270a3e8e14e6278649905b
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: ff11bb33f651f8549fe7c0e0c007506850fb0ffdae739c3686eca23a224c7653
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 80e63f2f89b471ddf9fb1789ec0fe2d0e522e70ab6270a3e8e14e6278649905b
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: A131C371500A5D6EDF24AFB5EC48EDE77AC9F06324F248155E810A21E2DB30DD458F20
                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 001FC998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,001FB6AE,?,?), ref: 001FC9B5
                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 001FC998: _wcslen.LIBCMT ref: 001FC9F1
                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 001FC998: _wcslen.LIBCMT ref: 001FCA68
                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 001FC998: _wcslen.LIBCMT ref: 001FCA9E
                                                                                                                                                                                                                                                                                                                                                                                        • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 001FBF3E
                                                                                                                                                                                                                                                                                                                                                                                        • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,?,?), ref: 001FBFA9
                                                                                                                                                                                                                                                                                                                                                                                        • RegCloseKey.ADVAPI32(00000000), ref: 001FBFCD
                                                                                                                                                                                                                                                                                                                                                                                        • RegQueryValueExW.ADVAPI32(?,?,00000000,?,00000000,?), ref: 001FC02C
                                                                                                                                                                                                                                                                                                                                                                                        • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,00000008), ref: 001FC0E7
                                                                                                                                                                                                                                                                                                                                                                                        • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 001FC154
                                                                                                                                                                                                                                                                                                                                                                                        • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 001FC1E9
                                                                                                                                                                                                                                                                                                                                                                                        • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,00000000,?,?,?,00000000), ref: 001FC23A
                                                                                                                                                                                                                                                                                                                                                                                        • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 001FC2E3
                                                                                                                                                                                                                                                                                                                                                                                        • RegCloseKey.ADVAPI32(?,?,00000000), ref: 001FC382
                                                                                                                                                                                                                                                                                                                                                                                        • RegCloseKey.ADVAPI32(00000000), ref: 001FC38F
                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_170000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                        • API ID: QueryValue$Close_wcslen$BuffCharConnectOpenRegistryUpper
                                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 3102970594-0
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: f414eabb367fc99a7c9a77123e4ee3eefc95a6e0abc26a3497b9f5f389a1d44c
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: cfb2a1804f8d13b80b04ba979368aee26e95cd947249bb563fcc3db590421e93
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: f414eabb367fc99a7c9a77123e4ee3eefc95a6e0abc26a3497b9f5f389a1d44c
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D1024A716042049FD714DF28C995E2ABBE5FF89308F18C49DF94A8B2A2DB31ED45CB91
                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                        • GetLocalTime.KERNEL32(?), ref: 001E8257
                                                                                                                                                                                                                                                                                                                                                                                        • SystemTimeToFileTime.KERNEL32(?,?), ref: 001E8267
• LocalFileTimeToFileTime.KERNEL32(?,?), ref: 001E8273
• GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 001E8310
• SetCurrentDirectoryW.KERNEL32(?), ref: 001E8324
• SetCurrentDirectoryW.KERNEL32(?), ref: 001E8356
• SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 001E838C
• SetCurrentDirectoryW.KERNEL32(?), ref: 001E8395
Strings
Memory Dump Source
• Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
• Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID: CurrentDirectoryTime$File$Local$System
• String ID: *.*
• API String ID: 1464919966-438819550
• Opcode ID: 4b9c59e7eabc69dbe6572342a4e185749ec5ca70b89e2bb850bc06d5dd1b713f
• Instruction ID: 512ddbf79e59836a176e19c812639d74168c327744d4e53390daff422a73041b
• Opcode Fuzzy Hash: 4b9c59e7eabc69dbe6572342a4e185749ec5ca70b89e2bb850bc06d5dd1b713f
• Instruction Fuzzy Hash: FF61A9B25087459FCB10EF60D8809AFB3E8FF99314F04891EF98997251EB31E945CB92
APIs
  • Part of subcall function 00173AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00173A97,?,?,00172E7F,?,?,?,00000000), ref: 00173AC2
  • Part of subcall function 001DE199: GetFileAttributesW.KERNEL32(?,001DCF95), ref: 001DE19A
• FindFirstFileW.KERNEL32(?,?), ref: 001DD122
• DeleteFileW.KERNEL32(?,?,?,?,?,00000000,?,?,?), ref: 001DD1DD
• MoveFileW.KERNEL32(?,?), ref: 001DD1F0
• DeleteFileW.KERNEL32(?,?,?,?), ref: 001DD20D
• FindNextFileW.KERNEL32(00000000,00000010), ref: 001DD237
  • Part of subcall function 001DD29C: CopyFileExW.KERNEL32(?,?,00000000,00000000,00000000,00000008,?,?,001DD21C,?,?), ref: 001DD2B2
• FindClose.KERNEL32(00000000,?,?,?), ref: 001DD253
• FindClose.KERNEL32(00000000), ref: 001DD264
Strings
Memory Dump Source
• Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
• Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID: File$Find$CloseDelete$AttributesCopyFirstFullMoveNameNextPath
• String ID: \*.*
• API String ID: 1946585618-1173974218
• Opcode ID: 81019e371a55803c528b5d6e53898d36458554a20b48997106ee745fde92c5d1
• Instruction ID: 7f8ec2f1214c8bbb35a118f6ce48ec338ea6d129211c4e99668ee91f20d82c97
• Opcode Fuzzy Hash: 81019e371a55803c528b5d6e53898d36458554a20b48997106ee745fde92c5d1
• Instruction Fuzzy Hash: CB614C7180110DAECF05EBE0E992DEDB7B5AF65300F648166E40677292EB306F09DB61
APIs
Memory Dump Source
• Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
• Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID: Clipboard$AllocCloseEmptyGlobalOpen
• String ID:
• API String ID: 1737998785-0
• Opcode ID: ac679c3827b35481849fc86b0a848c8e13f13a34dd28a1eaef4d6d0032b27dd6
• Instruction ID: f6af1035dfb13e9262d9f40c7b394386080f58e79c15a20ffc96d1ba6c6a01ae
• Opcode Fuzzy Hash: ac679c3827b35481849fc86b0a848c8e13f13a34dd28a1eaef4d6d0032b27dd6
• Instruction Fuzzy Hash: 5C41BE75604A51AFE720DF16E888F19BBE5FF44318F24C199E4198B6A2C736ED41CB90
APIs
  • Part of subcall function 001D16C3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 001D170D
  • Part of subcall function 001D16C3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 001D173A
  • Part of subcall function 001D16C3: GetLastError.KERNEL32 ref: 001D174A
• ExitWindowsEx.USER32(?,00000000), ref: 001DE932
Strings
Memory Dump Source
• Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
• Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_170000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                        • API ID: AdjustErrorExitLastLookupPrivilegePrivilegesTokenValueWindows
                                                                                                                                                                                                                                                                                                                                                                                        • String ID: $ $@$SeShutdownPrivilege
                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 2234035333-3163812486
APIs
• socket.WSOCK32(00000002,00000001,00000006,?,00000002,00000000), ref: 001F1276
• WSAGetLastError.WSOCK32 ref: 001F1283
• bind.WSOCK32(00000000,?,00000010), ref: 001F12BA
• WSAGetLastError.WSOCK32 ref: 001F12C5
• closesocket.WSOCK32(00000000), ref: 001F12F4
• listen.WSOCK32(00000000,00000005), ref: 001F1303
• WSAGetLastError.WSOCK32 ref: 001F130D
• closesocket.WSOCK32(00000000), ref: 001F133C
Similarity
• API ID: ErrorLast$closesocket$bindlistensocket
• String ID:
• API String ID: 540024437-0
APIs
  • Part of subcall function 00173AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00173A97,?,?,00172E7F,?,?,?,00000000), ref: 00173AC2
  • Part of subcall function 001DE199: GetFileAttributesW.KERNEL32(?,001DCF95), ref: 001DE19A
• FindFirstFileW.KERNEL32(?,?), ref: 001DD420
• DeleteFileW.KERNEL32(?,?,?,?), ref: 001DD470
• FindNextFileW.KERNEL32(00000000,00000010), ref: 001DD481
• FindClose.KERNEL32(00000000), ref: 001DD498
• FindClose.KERNEL32(00000000), ref: 001DD4A1
Strings
Similarity
• API ID: FileFind$Close$AttributesDeleteFirstFullNameNextPath
• String ID: \*.*
• API String ID: 2649000838-1173974218
APIs
Strings
                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_170000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                        • API ID: __floor_pentium4
                                                                                                                                                                                                                                                                                                                                                                                        • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 4168288129-2761157908
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 0b9e2454891ed258bbf2f7c42da16e14b3cfbc73f4c4c21cbf89a2cf31d1ee2d
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: d1409da03c85ddc52201667503c1025c07950277258ea7c97f63aea12b78517c
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0b9e2454891ed258bbf2f7c42da16e14b3cfbc73f4c4c21cbf89a2cf31d1ee2d
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: E5C24A75E046288FDB29CE68DD447EAB7F5EB4A304F1541EAD44DE7240E778AE828F40
                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 001E64DC
                                                                                                                                                                                                                                                                                                                                                                                        • CoInitialize.OLE32(00000000), ref: 001E6639
                                                                                                                                                                                                                                                                                                                                                                                        • CoCreateInstance.OLE32(0020FCF8,00000000,00000001,0020FB68,?), ref: 001E6650
                                                                                                                                                                                                                                                                                                                                                                                        • CoUninitialize.OLE32 ref: 001E68D4
                                                                                                                                                                                                                                                                                                                                                                                        Strings
Similarity
• API ID: CreateInitializeInstanceUninitialize_wcslen
• String ID: .lnk
• API String ID: 886957087-24824748
• Opcode ID: bc8c6bb4f36b2c486059a63e634eff895001e1fb5557cc4c00327b6b440bb60a
• Instruction ID: 660445d7c4946be467787c12282406b36f126a389c619d5585d72e712d68fbe1
• Opcode Fuzzy Hash: bc8c6bb4f36b2c486059a63e634eff895001e1fb5557cc4c00327b6b440bb60a
• Instruction Fuzzy Hash: E4D14871608741AFC314DF24C881D6BB7E8FFA9744F50896DF5998B2A1DB30E909CB92
APIs
• GetForegroundWindow.USER32(?,?,00000000), ref: 001F22E8
  • Part of subcall function 001EE4EC: GetWindowRect.USER32(?,?), ref: 001EE504
• GetDesktopWindow.USER32 ref: 001F2312
• GetWindowRect.USER32(00000000), ref: 001F2319
• mouse_event.USER32(00008001,?,?,00000002,00000002), ref: 001F2355
• GetCursorPos.USER32(?), ref: 001F2381
• mouse_event.USER32(00008001,?,?,00000000,00000000), ref: 001F23DF
Similarity
• API ID: Window$Rectmouse_event$CursorDesktopForeground
• String ID:
• API String ID: 2387181109-0
• Opcode ID: ac61c7b645230bd2d4a9ac1600c952cffa11b6d9d92e4382882cb600d6c22bc7
• Instruction ID: e0847510ed302f5e545d6ebefdf795bc389aada9764a851874f6663a82a449c0
• Opcode Fuzzy Hash: ac61c7b645230bd2d4a9ac1600c952cffa11b6d9d92e4382882cb600d6c22bc7
• Instruction Fuzzy Hash: 0A31D2B25053199FC720DF54D849F6BBBE9FF88314F100A19F58597191D734E908CB91
APIs
  • Part of subcall function 00179CB3: _wcslen.LIBCMT ref: 00179CBD
• FindFirstFileW.KERNEL32(00000001,?,*.*,?,?,00000000,00000000), ref: 001E9B78
• FindClose.KERNEL32(00000000,?,00000000,00000000), ref: 001E9C8B
  • Part of subcall function 001E3874: GetInputState.USER32 ref: 001E38CB
  • Part of subcall function 001E3874: PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 001E3966
• Sleep.KERNEL32(0000000A,?,00000000,00000000), ref: 001E9BA8
• FindNextFileW.KERNEL32(?,?,?,00000000,00000000), ref: 001E9C75
Strings
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_170000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                        • API ID: Find$File$CloseFirstInputMessageNextPeekSleepState_wcslen
                                                                                                                                                                                                                                                                                                                                                                                        • String ID: *.*
                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 1972594611-438819550
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 312d74f95a5b7746b0f32050f76884fbeef2bdaab01a6bf94daf7a142f994286
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 38463c1709dea22105306e892f7b8e077d7bef2d7408dc6fda68e6854b27f3b0
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 312d74f95a5b7746b0f32050f76884fbeef2bdaab01a6bf94daf7a142f994286
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 82419571900649AFCF15EF65D849AEEBBF8FF15310F248155E815A7191EB30AE84CF60
APIs
  • Part of subcall function 00189BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00189BB2
• DefDlgProcW.USER32(?,?,?,?,?), ref: 00189A4E
• GetSysColor.USER32(0000000F), ref: 00189B23
• SetBkColor.GDI32(?,00000000), ref: 00189B36
Memory Dump Source
• Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
• Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID: Color$LongProcWindow
• String ID:
• API String ID: 3131106179-0
• Opcode ID: 295468a83ce460d0c7f39f2d52c230557d9e614a5f082ec43a00857b14c5be35
• Instruction ID: ab97940599870e5fbb9c76c5ad9abda46e63a69231312b013ec5eb3075bd1d78
• Opcode Fuzzy Hash: 295468a83ce460d0c7f39f2d52c230557d9e614a5f082ec43a00857b14c5be35
• Instruction Fuzzy Hash: B1A1F670218614AEE72DBA289C8DE7B3A9DEB52340B19020DF502D7AD2CB65DF51CF71
APIs
  • Part of subcall function 001F304E: inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 001F307A
  • Part of subcall function 001F304E: _wcslen.LIBCMT ref: 001F309B
• socket.WSOCK32(00000002,00000002,00000011,?,?,00000000), ref: 001F185D
• WSAGetLastError.WSOCK32 ref: 001F1884
• bind.WSOCK32(00000000,?,00000010), ref: 001F18DB
• WSAGetLastError.WSOCK32 ref: 001F18E6
• closesocket.WSOCK32(00000000), ref: 001F1915
Memory Dump Source
• Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
• Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID: ErrorLast$_wcslenbindclosesocketinet_addrsocket
• String ID:
• API String ID: 1601658205-0
• Opcode ID: 44850098071a4d94b536491539df2979e708420ac572eae2f4c6b67c24da36a9
• Instruction ID: c58e023eebfea8741906c0c6ada8462565c5ae92a40a9e35657366b8a538b342
• Opcode Fuzzy Hash: 44850098071a4d94b536491539df2979e708420ac572eae2f4c6b67c24da36a9
• Instruction Fuzzy Hash: 3E51A071A00204AFDB10AF24D88AF2A77A5AB58718F18C05CFA0A5F3D3D771AD418BA1
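Added example, not part of the Joe Sandbox report or of the analysed sample: a small Python parser for the "APIs" listing lines of a function block like the one above. It turns each bullet into a record (API, module, recovered arguments, call-site address, owning subcall), decodes the three socket() arguments with standard Winsock constants, and classifies the block. Fed the seven lines of the socket/bind function above, it reports a UDP socket (socket(2, 2, 0x11) is AF_INET, SOCK_DGRAM, IPPROTO_UDP) that is bound to a local port and then closed, with inet_addr called only inside the subcall at 001F304E. The line regular expression is inferred from the lines on this page and is an assumption; other report versions may format the listing differently.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Input for the example: the seven "APIs" lines of the socket/bind function block in this
# report, copied verbatim. Any other Joe Sandbox function block pasted here parses the same way.
SAMPLE_LISTING = """
  • Part of subcall function 001F304E: inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 001F307A
  • Part of subcall function 001F304E: _wcslen.LIBCMT ref: 001F309B
• socket.WSOCK32(00000002,00000002,00000011,?,?,00000000), ref: 001F185D
• WSAGetLastError.WSOCK32 ref: 001F1884
• bind.WSOCK32(00000000,?,00000010), ref: 001F18DB
• WSAGetLastError.WSOCK32 ref: 001F18E6
• closesocket.WSOCK32(00000000), ref: 001F1915
"""


@dataclass
class ApiCall:
    api: str                 # imported function name, e.g. "socket"
    module: str              # module the import resolves to, e.g. "WSOCK32"
    args: list               # int for hex literals, None for '?' (value not recovered by the analyzer)
    ref: int                 # address of the call site inside the dumped image
    subcall: Optional[str]   # callee address when the line reads "Part of subcall function", else None


# Line shape inferred from the listing lines on this page (assumption: other report versions may differ).
_LINE_RE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+):\s*)?"
    r"(?P<api>[A-Za-z_][A-Za-z0-9_]*)\.(?P<module>[A-Za-z0-9_]+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)

# Winsock constants for the three socket() parameters (af, type, protocol).
_AF = {2: "AF_INET", 23: "AF_INET6"}
_SOCK = {1: "SOCK_STREAM", 2: "SOCK_DGRAM", 3: "SOCK_RAW"}
_PROTO = {0: "0 (provider default)", 6: "IPPROTO_TCP", 17: "IPPROTO_UDP"}


def _parse_arg(tok: str) -> Optional[int]:
    tok = tok.strip()
    return None if tok in ("", "?") else int(tok, 16)


def parse_listing(text: str) -> list[ApiCall]:
    """Turn the bullet lines of an 'APIs' block into ApiCall records; non-matching lines are skipped."""
    calls = []
    for line in text.splitlines():
        m = _LINE_RE.match(line)
        if not m:
            continue  # section headers ("APIs", "Strings") and anything that is not a call line
        args_txt = m.group("args")
        args = [_parse_arg(a) for a in args_txt.split(",")] if args_txt is not None else []
        calls.append(ApiCall(m.group("api"), m.group("module"), args,
                             int(m.group("ref"), 16), m.group("sub")))
    return calls


def decode_socket_args(call: ApiCall) -> tuple[str, str, str]:
    """Name the (af, type, protocol) triple of a socket() call; unknown values are echoed as hex."""
    if call.api != "socket" or len(call.args) < 3:
        raise ValueError("not a socket() call with three recovered arguments")

    def name(table, v):
        return "?" if v is None else table.get(v, f"0x{v:X}")

    af, kind, proto = call.args[:3]
    return name(_AF, af), name(_SOCK, kind), name(_PROTO, proto)


def summarize(calls: list[ApiCall]) -> dict:
    """Classify what the function does with its socket, using only its own (non-subcall) calls."""
    own = [c.api for c in calls if c.subcall is None]
    sock = next((c for c in calls if c.api == "socket" and c.subcall is None), None)
    kind = decode_socket_args(sock)[1] if sock else None
    return {
        "udp_bind": kind == "SOCK_DGRAM" and "bind" in own,       # receives datagrams on a local port
        "tcp_listen": kind == "SOCK_STREAM" and "listen" in own,  # accepts TCP connections (not here)
        "checks_errors": "WSAGetLastError" in own,
        "closes_socket": "closesocket" in own,
        "resolves_address_in_subcall": any(c.api == "inet_addr" and c.subcall for c in calls),
    }


if __name__ == "__main__":
    parsed = parse_listing(SAMPLE_LISTING)
    for c in parsed:
        print(f"{c.ref:08X} {c.api}.{c.module} args={c.args} subcall={c.subcall}")
    print(decode_socket_args(parsed[2]))
    print(summarize(parsed))
```

The listing only proves that the code path exists in the binary (this is the AutoIt runtime's UDP bind support, present whether or not the script calls it); whether the sample actually opened a listening port is answered by the behavioural network section of the report, not by this static block.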
APIs
Memory Dump Source
• Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
• Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID: Window$EnabledForegroundIconicVisibleZoomed
• String ID:
• API String ID: 292994002-0
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 3fad0fb0b5acff8f712a7219d95e72256269d30888e35d15476415057b84e339
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: f7b2d2611489036fc84b898a360d1368f23c5da56e47d55ab59d39654907f823
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3fad0fb0b5acff8f712a7219d95e72256269d30888e35d15476415057b84e339
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0E2194717503115FE7208F2AD888B5A7BA5EF95314F198059E8468B293CB71DC62CB91
                                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_170000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                                                                                                                        • String ID: ERCP$VUUU$VUUU$VUUU$VUUU
                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 0-1546025612
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: a740145dd90ee148036621ad9604bdb54a2d22fbbd0138c426b0d341d711418e
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: b6a6a0654d0c6fd892d5d176e7826458d849212d5c990e485251e7670327447b
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: a740145dd90ee148036621ad9604bdb54a2d22fbbd0138c426b0d341d711418e
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: E2A29070E4061ACBDF28CF58C9847EDB7B2BF54314F2581AAE819A7285DB749D81CF90
                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                        • lstrlenW.KERNEL32(?,?,?,00000000), ref: 001D82AA
                                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_170000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                        • API ID: lstrlen
                                                                                                                                                                                                                                                                                                                                                                                        • String ID: ($tb#$|
                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 1659193697-4063146538
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: ed3e9ffc93e611e369e52ed90e670766f99c9b66b94da32543bcf3ab0bdc72f6
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: d333abec9ab771a237e1ac40acf217cb2e5a09c2bcfe0650ae697ec593117a4a
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ed3e9ffc93e611e369e52ed90e670766f99c9b66b94da32543bcf3ab0bdc72f6
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: E1323575A007059FCB28DF59C481A6AB7F0FF48720B15C56EE49ADB3A1EB70E981CB50
                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                        • GetKeyboardState.USER32(?,00000001,00000040,00000000), ref: 001DAAAC
                                                                                                                                                                                                                                                                                                                                                                                        • SetKeyboardState.USER32(00000080), ref: 001DAAC8
                                                                                                                                                                                                                                                                                                                                                                                        • PostMessageW.USER32(?,00000102,00000001,00000001), ref: 001DAB36
                                                                                                                                                                                                                                                                                                                                                                                        • SendInput.USER32(00000001,?,0000001C,00000001,00000040,00000000), ref: 001DAB88
                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_170000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                        • API ID: KeyboardState$InputMessagePostSend
                                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 432972143-0
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: a051d33736c31cf4f982e8eb3460c16d595dbe73958b521d3c6028df9eee8530
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 2710ed8b7fc1a7c3c4e9738a01b347e95f00f0d10a771e578383c5a56fd0b12a
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: a051d33736c31cf4f982e8eb3460c16d595dbe73958b521d3c6028df9eee8530
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3F313B70A40218AEFF35CB64CC05BFA7BAAAF45310F94431BF581563D1D3759982C762
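Added example, not part of the Joe Sandbox report: a Python parser for the function records in this listing that flags the keystroke-injection cluster seen in the record above (GetKeyboardState/SetKeyboardState/SendInput in one function, PostMessageW with message 0x0102, which is WM_CHAR) and reads SendInput's cbSize argument (0x1C = 28 = sizeof(INPUT) on 32-bit Windows, 40 on 64-bit) to confirm the bitness of the code that called it. The sample text is constructed from records printed above; the assumption that a record ends at its "Instruction Fuzzy Hash" line is mine, not documented report layout.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed input, assembled from records in this report (bullet, API.MODULE(args), ref: addr).
SAMPLE = """\
APIs
• GetKeyboardState.USER32(?,00000001,00000040,00000000), ref: 001DAAAC
• SetKeyboardState.USER32(00000080), ref: 001DAAC8
• PostMessageW.USER32(?,00000102,00000001,00000001), ref: 001DAB36
• SendInput.USER32(00000001,?,0000001C,00000001,00000040,00000000), ref: 001DAB88
Similarity
• API ID: KeyboardState$InputMessagePostSend
• Instruction Fuzzy Hash: 3F313B70A40218AEFF35CB64CC05BFA7BAAAF45310F94431BF581563D1D3759982C762
APIs
• _free.LIBCMT ref: 001ABB7F
  • Part of subcall function 001A29C8: RtlFreeHeap.NTDLL(00000000,00000000), ref: 001A29DE
• GetTimeZoneInformation.KERNEL32 ref: 001ABB91
Similarity
• API ID: InformationTimeZone_free
• Instruction Fuzzy Hash: 00AA
"""

SECTION_HEADERS = {"APIs", "Strings", "Memory Dump Source", "Joe Sandbox IDA Plugin", "Similarity"}
API_RE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+):\s*)?"
    r"(?P<api>\w+)\.(?P<mod>\w+)(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)
FIELD_RE = re.compile(r"^\s*•\s*(?P<key>[^:]+):\s*(?P<val>.*)$")
WM_KEYDOWN, WM_CHAR = 0x0100, 0x0102
KEYSTROKE_CHAIN = {"GetKeyboardState", "SetKeyboardState", "SendInput"}


@dataclass
class ApiCall:
    name: str
    module: str
    args: List[Optional[int]]   # None where the report printed '?' (unresolved value)
    ref: int
    subcall: Optional[int] = None  # address of the callee when listed as "Part of subcall function"


@dataclass
class Record:
    apis: List[ApiCall] = field(default_factory=list)
    similarity: dict = field(default_factory=dict)


def parse_args(raw: str) -> List[Optional[int]]:
    out = []
    for a in raw.split(","):
        a = a.strip()
        if a:
            out.append(int(a, 16) if a != "?" else None)
    return out


def parse_records(text: str) -> List[Record]:
    """Split the listing into per-function records; a record closes at its Instruction Fuzzy Hash line (assumption)."""
    records, cur, section = [], None, None
    for line in text.splitlines():
        s = line.strip()
        if not s:
            continue
        if cur is None:
            cur = Record()
            records.append(cur)
        if s in SECTION_HEADERS:
            section = s
            continue
        if section == "APIs":
            m = API_RE.match(line)
            if m:
                cur.apis.append(ApiCall(m["api"], m["mod"], parse_args(m["args"] or ""),
                                        int(m["ref"], 16), int(m["sub"], 16) if m["sub"] else None))
        elif section == "Similarity":
            f = FIELD_RE.match(line)
            if f:
                key = f["key"].strip()
                cur.similarity[key] = f["val"].strip()
                if key == "Instruction Fuzzy Hash":
                    cur = None
    return records


def keystroke_injection_hits(records: List[Record]):
    """Return (instruction fuzzy hash, reasons) for functions that synthesise keyboard input."""
    hits = []
    for r in records:
        reasons = []
        if KEYSTROKE_CHAIN <= {a.name for a in r.apis}:
            reasons.append("GetKeyboardState/SetKeyboardState/SendInput chain")
        for a in r.apis:
            if a.name in ("PostMessageW", "PostMessageA", "SendMessageW", "SendMessageA") \
                    and len(a.args) > 1 and a.args[1] in (WM_KEYDOWN, WM_CHAR):
                reasons.append(f"{a.name} msg 0x{a.args[1]:04X} at {a.ref:08X}")
        if reasons:
            hits.append((r.similarity.get("Instruction Fuzzy Hash"), reasons))
    return hits


def sendinput_bitness(call: ApiCall) -> Optional[int]:
    """SendInput(nInputs, pInputs, cbSize): cbSize is sizeof(INPUT), 28 on x86 and 40 on x64."""
    if call.name != "SendInput" or len(call.args) < 3:
        return None
    return {28: 32, 40: 64}.get(call.args[2])
```

Running it over the sample yields one hit, carrying the fuzzy hash of the keystroke function, with two reasons (the API chain and the WM_CHAR post), and reports the SendInput caller as 32-bit, consistent with the 0x00170000 image base in the dump references.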
APIs
• _free.LIBCMT ref: 001ABB7F
  • Part of subcall function 001A29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,001AD7D1,00000000,00000000,00000000,00000000,?,001AD7F8,00000000,00000007,00000000,?,001ADBF5,00000000), ref: 001A29DE
  • Part of subcall function 001A29C8: GetLastError.KERNEL32(00000000,?,001AD7D1,00000000,00000000,00000000,00000000,?,001AD7F8,00000000,00000007,00000000,?,001ADBF5,00000000,00000000), ref: 001A29F0
• GetTimeZoneInformation.KERNEL32 ref: 001ABB91
• WideCharToMultiByte.KERNEL32(00000000,?,0024121C,000000FF,?,0000003F,?,?), ref: 001ABC09
• WideCharToMultiByte.KERNEL32(00000000,?,00241270,000000FF,?,0000003F,?,?,?,0024121C,000000FF,?,0000003F,?,?), ref: 001ABC36
Memory Dump Source
• Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_170000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                        • API ID: ByteCharMultiWide$ErrorFreeHeapInformationLastTimeZone_free
                                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 806657224-0
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: e27ec6e999513c3f1f85946de0a7f5e15af536080a59af28a3d22c87ada78b8a
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 9eb03c08f91141f9b0aafbe965a90c7bdd86750923c0fb92daa5b744c717c16d
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e27ec6e999513c3f1f85946de0a7f5e15af536080a59af28a3d22c87ada78b8a
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F431F078908295DFCB05DF68EC8082DBBB8FF57320B1442AAE420D72A6D7709D90CB60
APIs
• InternetReadFile.WININET(?,?,00000400,?), ref: 001ECE89
• GetLastError.KERNEL32(?,00000000), ref: 001ECEEA
• SetEvent.KERNEL32(?,?,00000000), ref: 001ECEFE
Memory Dump Source
• Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
• Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID: ErrorEventFileInternetLastRead
• String ID:
• API String ID: 234945975-0
• Opcode ID: 0801bc3f579924fbed82d93803638af4822898165d40880eb77e6036b0cc3e75
• Instruction ID: a7cccc574d2007d7a95de71ce91aaf656ff2dab315c595ccaef301bc4c60fb0c
• Opcode Fuzzy Hash: 0801bc3f579924fbed82d93803638af4822898165d40880eb77e6036b0cc3e75
• Instruction Fuzzy Hash: BD21BDB1500B05AFEB30DFA6DD49BAABBFCEB50314F20441EE54692151E770EE068BA0
APIs
• FindFirstFileW.KERNEL32(?,?), ref: 001E5CC1
• FindNextFileW.KERNEL32(00000000,?), ref: 001E5D17
• FindClose.KERNEL32(?), ref: 001E5D5F
Memory Dump Source
• Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
• Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID: Find$File$CloseFirstNext
• String ID:
• API String ID: 3541575487-0
• Opcode ID: 86c5dcde0bbf3a314056ffd45e875bc78df2dfcf198b8d0af8f2921e5a544476
• Instruction ID: 5df64cf7f052ead0014ebb10d8fb5b3f065482e54210d63fb8c8cdb1f76e7c42
• Opcode Fuzzy Hash: 86c5dcde0bbf3a314056ffd45e875bc78df2dfcf198b8d0af8f2921e5a544476
• Instruction Fuzzy Hash: 0951BC74600A419FC704CF68C894A9AB7F5FF0A318F14855DE95A8B3A2CB30ED04CF91
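The function entries above all share one line format: an "APIs" header, one bullet per call with the API name, module, argument list and call-site address ("ref"), with calls made inside a callee marked "Part of subcall function". When triaging a long listing like this it is easier to parse it than to read it. The following script is an added example, not Joe Sandbox code or part of this report: the line grammar is inferred from the entries on this page, SAMPLE is constructed from those entries (argument lists shortened), and the capability tags in CAPABILITIES are this example's own labels, not Joe Sandbox signature names.

```python
"""Parse the per-function "APIs" blocks of a Joe Sandbox function listing.

Added example for this page, not Joe Sandbox code: the line format is inferred
from the entries shown here, SAMPLE is constructed from those entries (argument
lists shortened), and the tags in CAPABILITIES are this example's own labels,
not Joe Sandbox signature names.
"""
import re

# One API line, with or without an argument list or a subcall prefix, e.g.
#   • InternetReadFile.WININET(?,?,00000400,?), ref: 001ECE89
#   • GetTimeZoneInformation.KERNEL32 ref: 001ABB91
#   • Part of subcall function 001A29C8: RtlFreeHeap.NTDLL(...), ref: 001A29DE
API_LINE = re.compile(
    r"^•\s*(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+):\s*)?"
    r"(?P<api>[A-Za-z_][A-Za-z0-9_]*)\.(?P<module>[A-Za-z0-9_]+)"
    r"(?:\((?P<args>[^)]*)\))?\s*,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)$"
)

# Constructed from the entries on this page; argument lists shortened.
SAMPLE = """\
APIs
• _free.LIBCMT ref: 001ABB7F
  • Part of subcall function 001A29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,001AD7D1), ref: 001A29DE
  • Part of subcall function 001A29C8: GetLastError.KERNEL32(00000000,?,001AD7D1), ref: 001A29F0
• GetTimeZoneInformation.KERNEL32 ref: 001ABB91
• WideCharToMultiByte.KERNEL32(00000000,?,0024121C,000000FF,?,0000003F,?,?), ref: 001ABC09
Similarity
• Opcode ID: e27ec6e999513c3f1f85946de0a7f5e15af536080a59af28a3d22c87ada78b8a
APIs
• InternetReadFile.WININET(?,?,00000400,?), ref: 001ECE89
• GetLastError.KERNEL32(?,00000000), ref: 001ECEEA
• SetEvent.KERNEL32(?,?,00000000), ref: 001ECEFE
Similarity
• Opcode ID: 0801bc3f579924fbed82d93803638af4822898165d40880eb77e6036b0cc3e75
APIs
• FindFirstFileW.KERNEL32(?,?), ref: 001E5CC1
• FindNextFileW.KERNEL32(00000000,?), ref: 001E5D17
• FindClose.KERNEL32(?), ref: 001E5D5F
Similarity
• Opcode ID: 86c5dcde0bbf3a314056ffd45e875bc78df2dfcf198b8d0af8f2921e5a544476
APIs
• IsDebuggerPresent.KERNEL32 ref: 001A271A
• SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 001A2724
• UnhandledExceptionFilter.KERNEL32(?), ref: 001A2731
"""


def parse_listing(text):
    """Split the listing into functions: each starts at an "APIs" line and
    collects its API calls plus the Opcode ID from its Similarity block."""
    functions, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line == "APIs":
            current = {"apis": [], "opcode_id": None}
            functions.append(current)
            continue
        if current is None:
            continue
        m = API_LINE.match(line)
        if m:
            args = m.group("args") or ""
            current["apis"].append({
                "api": m.group("api"),
                "module": m.group("module").upper(),
                "args": [a.strip() for a in args.split(",") if a.strip()],
                "ref": int(m.group("ref"), 16),   # call-site address
                "subcall": m.group("sub"),        # set when the call is inside a callee
            })
        elif line.startswith("• Opcode ID:"):
            current["opcode_id"] = line.split(":", 1)[1].strip()
    return functions


# Assumed mapping from API sets to coarse capabilities; every API in a set must
# be called directly by the function for the tag to apply.
CAPABILITIES = {
    "anti-debug": {"IsDebuggerPresent"},
    "file-enumeration": {"FindFirstFileW", "FindNextFileW"},
    "http-download": {"InternetReadFile"},
}


def tag_function(fn):
    """Tags whose API set is fully present in fn's direct calls; subcall
    entries belong to another function and are ignored."""
    direct = {a["api"] for a in fn["apis"] if a["subcall"] is None}
    return [tag for tag, apis in CAPABILITIES.items() if apis <= direct]


def callsites(functions, api_name):
    """Sorted direct call-site addresses of api_name, e.g. for breakpoints."""
    return sorted(a["ref"] for fn in functions for a in fn["apis"]
                  if a["api"] == api_name and a["subcall"] is None)


if __name__ == "__main__":
    fns = parse_listing(SAMPLE)
    for fn in fns:
        direct = ", ".join(a["api"] for a in fn["apis"] if a["subcall"] is None)
        print(f"{(fn['opcode_id'] or '?')[:12]}  {tag_function(fn) or '-'}  {direct}")
    print("InternetReadFile call sites:", [hex(r) for r in callsites(fns, "InternetReadFile")])
```

Subcall entries are deliberately excluded from tagging and from callsites: the RtlFreeHeap and GetLastError lines under _free are attributed to function 001A29C8, and counting them against the caller would inflate its profile. The addresses returned by callsites are image-relative to the 00170000 load base recorded in the Memory Dump Source lines, so they can be used directly as breakpoints in the dumped image but must be rebased if the sample loads elsewhere. A tag is a lead, not a verdict: the IsDebuggerPresent / SetUnhandledExceptionFilter / UnhandledExceptionFilter triple also occurs in compiler runtime crash-reporting code, so confirm in the disassembly before treating that function as deliberate anti-analysis.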
APIs
• IsDebuggerPresent.KERNEL32 ref: 001A271A
• SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 001A2724
• UnhandledExceptionFilter.KERNEL32(?), ref: 001A2731
Memory Dump Source
• Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
• Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 3906539128-0
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 69c125f5f395041df63452995e59e721fb71e075ad048e1b709fb3bdc288e95c
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 3bba920d33f9b2e2e9d1d2ea36499cd8fbf38574cd2209620231a5232c6f72ed
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 69c125f5f395041df63452995e59e721fb71e075ad048e1b709fb3bdc288e95c
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6831B474911328ABCB21DF68DD89799B7B8AF18710F5042EAE81CA7261E7349F818F45
                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                        • SetErrorMode.KERNEL32(00000001), ref: 001E51DA
                                                                                                                                                                                                                                                                                                                                                                                        • GetDiskFreeSpaceExW.KERNEL32(?,?,?,?), ref: 001E5238
                                                                                                                                                                                                                                                                                                                                                                                        • SetErrorMode.KERNEL32(00000000), ref: 001E52A1
                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_170000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                        • API ID: ErrorMode$DiskFreeSpace
                                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 1682464887-0
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 1b103bfc7fba6c5cbeb1cb4daa538e11a5453e6dd06ff9c88301d61ba516d1b3
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: d90ba0f188d5145c5677732c03540c97866061e5ea8dbb03861a3f1a92b8263c
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1b103bfc7fba6c5cbeb1cb4daa538e11a5453e6dd06ff9c88301d61ba516d1b3
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 76318175A00608DFDB00DF54D888EADBBB5FF09318F188099E9099B392CB31E845CBA0
                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 0018FDDB: __CxxThrowException@8.LIBVCRUNTIME ref: 00190668
                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 0018FDDB: __CxxThrowException@8.LIBVCRUNTIME ref: 00190685
                                                                                                                                                                                                                                                                                                                                                                                        • LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 001D170D
                                                                                                                                                                                                                                                                                                                                                                                        • AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 001D173A
                                                                                                                                                                                                                                                                                                                                                                                        • GetLastError.KERNEL32 ref: 001D174A
                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_170000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                        • API ID: Exception@8Throw$AdjustErrorLastLookupPrivilegePrivilegesTokenValue
                                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 577356006-0
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: ca4f3d19a88dd3194a7b939e62ac20dd65596854ecca508c62b24aa05dd89098
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: e0ba8e99ca6f10c298b1ceb24d6a65f9e1378d2f3dca5d7e3a403a591be76dcd
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ca4f3d19a88dd3194a7b939e62ac20dd65596854ecca508c62b24aa05dd89098
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: A51191B2414304BFD718AF54ECC6D6AB7BDEB44714B20862EE45657251EB70FC418B20
                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                        • CreateFileW.KERNEL32(?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 001DD608
                                                                                                                                                                                                                                                                                                                                                                                        • DeviceIoControl.KERNEL32(00000000,002D1400,?,0000000C,?,00000028,?,00000000), ref: 001DD645
                                                                                                                                                                                                                                                                                                                                                                                        • CloseHandle.KERNEL32(?,?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 001DD650
                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID: CloseControlCreateDeviceFileHandle
• String ID:
• API String ID: 33631002-0
• Opcode ID: 1828a23776ee02760e6e183bed350395faef182c6aee41ed94964d727400e0a3
• Instruction ID: 3f239377940b34ac48b0bc013a591c21e6fb846b2cc81e227bcce2eb761ceb56
• Opcode Fuzzy Hash: 1828a23776ee02760e6e183bed350395faef182c6aee41ed94964d727400e0a3
• Instruction Fuzzy Hash: 97113CB5E05228BFDB108F95AC49FAFBBBCEB45B50F108156F904E7290D6704A058BA1
APIs
• AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?), ref: 001D168C
• CheckTokenMembership.ADVAPI32(00000000,?,?), ref: 001D16A1
• FreeSid.ADVAPI32(?), ref: 001D16B1
Memory Dump Source
• Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
• Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID: AllocateCheckFreeInitializeMembershipToken
• String ID:
• API String ID: 3429775523-0
• Opcode ID: d83e9eb5e14a4b9336a6e2f090e132a8925b98900fca68b92f77662e07da80cf
• Instruction ID: 2572980ef7513f109be5a612d477265e422996799bf23811a392edfa149ea013
• Opcode Fuzzy Hash: d83e9eb5e14a4b9336a6e2f090e132a8925b98900fca68b92f77662e07da80cf
• Instruction Fuzzy Hash: A0F0F4B1950309FBEB00DFE49D89AAEBBBDFB08604F504565E501E2181E774AA448A50
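The AllocateAndInitializeSid / CheckTokenMembership / FreeSid chain recorded above (ref 001D168C..001D16B1) is the standard Win32 idiom for asking "does the calling token hold the BUILTIN\Administrators group?": the arguments 00000002, 00000020, 00000220 are nSubAuthorityCount=2, SECURITY_BUILTIN_DOMAIN_RID (32) and DOMAIN_ALIAS_RID_ADMINS (544). The following Python is an added example for reading such argument lists; it is not code from the sample or from Joe Sandbox. Because the report prints `?` for the first argument (pIdentifierAuthority is passed by pointer), the example assumes SECURITY_NT_AUTHORITY (5), which is what this RID pair implies but is not confirmed by the report. The WELL_KNOWN lookup table is a short, constructed subset of the documented well-known SIDs.

```python
from __future__ import annotations
import struct

# Values from the Win32 SDK headers (winnt.h).
SECURITY_NT_AUTHORITY = 5            # identifier authority of S-1-5-...
SECURITY_BUILTIN_DOMAIN_RID = 0x20   # 32
DOMAIN_ALIAS_RID_ADMINS = 0x220      # 544

# Constructed subset of the well-known SIDs, enough to classify this call.
WELL_KNOWN = {
    "S-1-5-32-544": "BUILTIN\\Administrators",
    "S-1-5-32-545": "BUILTIN\\Users",
    "S-1-5-18": "NT AUTHORITY\\SYSTEM",
}


def build_sid(authority: int, sub_authorities: list[int]) -> bytes:
    """Encode a SID in its binary layout: revision (1 byte), sub-authority
    count (1 byte), 48-bit big-endian identifier authority, then every
    sub-authority as a little-endian uint32."""
    if not 1 <= len(sub_authorities) <= 15:
        raise ValueError("a SID carries between 1 and 15 sub-authorities")
    if not 0 <= authority < (1 << 48):
        raise ValueError("identifier authority must fit in 48 bits")
    header = bytes([1, len(sub_authorities)]) + authority.to_bytes(6, "big")
    return header + b"".join(struct.pack("<I", s) for s in sub_authorities)


def sid_to_string(sid: bytes) -> str:
    """Decode a binary SID into the textual S-1-5-32-544 form, validating
    revision and length so a truncated buffer is rejected rather than misread."""
    if len(sid) < 8 or sid[0] != 1:
        raise ValueError("not a revision-1 SID")
    count = sid[1]
    if len(sid) != 8 + 4 * count:
        raise ValueError("SID length does not match sub-authority count")
    authority = int.from_bytes(sid[2:8], "big")
    subs = struct.unpack("<%dI" % count, sid[8:])
    return "S-1-%d" % authority + "".join("-%d" % s for s in subs)


def decode_allocate_and_initialize_sid_args(args: list[str],
                                            authority: int = SECURITY_NT_AUTHORITY) -> str:
    """Reconstruct the SID an AllocateAndInitializeSid call asks for, from the
    argument list as a sandbox report prints it (hex strings, '?' for values it
    could not resolve). Argument order follows the Win32 prototype:
    pIdentifierAuthority, nSubAuthorityCount, nSubAuthority0..7, ppSid.
    The authority is behind a pointer, so it is supplied by the caller
    (assumption: NT authority, which is what RIDs 32/544 belong to)."""
    if len(args) < 10:
        raise ValueError("expected at least 10 arguments")
    count = int(args[1], 16)
    if not 1 <= count <= 8:
        raise ValueError("nSubAuthorityCount must be 1..8")
    subs = [int(a, 16) for a in args[2:2 + count]]
    return sid_to_string(build_sid(authority, subs))


def classify(args: list[str]) -> tuple[str, str]:
    """Return (SID string, well-known name or 'unknown') for a reported call."""
    sid = decode_allocate_and_initialize_sid_args(args)
    return sid, WELL_KNOWN.get(sid, "unknown")


# Argument list exactly as the report prints it for ref 001D168C.
REPORTED_ARGS = ["?", "00000002", "00000020", "00000220", "00000000", "00000000",
                 "00000000", "00000000", "00000000", "00000000", "?", "?"]

if __name__ == "__main__":
    print(classify(REPORTED_ARGS))
```

Two caveats for anyone reproducing the check on a live host: CheckTokenMembership with a NULL token (the 00000000 first argument above) inspects the impersonation token of the current thread, or the process token if none; and under UAC a non-elevated administrator's filtered token carries BUILTIN\Administrators as a deny-only SID, so the call reports FALSE until the process is elevated. That is why this idiom doubles as an "am I elevated?" probe in AutoIt-compiled droppers.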
APIs
• GetUserNameW.ADVAPI32(?,?), ref: 001CD28C
Strings
Memory Dump Source
• Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
• Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID: NameUser
• String ID: X64
• API String ID: 2645101109-893830106
• Opcode ID: abc0bb06931ac67b1b04d354aaecaa538e37786e3b3847aad24a1a4b3569684e
• Instruction ID: 91d0ab567b6d1da4930b1e7bdc6f3043f6627845a65a8edf36229a02da9a310c
• Opcode Fuzzy Hash: abc0bb06931ac67b1b04d354aaecaa538e37786e3b3847aad24a1a4b3569684e
• Instruction Fuzzy Hash: D1D0C9B480121DEACB98DB90EC88DDAB37CBB14305F100265F106A2040DB3096498F10
Memory Dump Source
• Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
• Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 2fbdbeface8d474e65e3d830227d731b015bc4fe83c76ff0107a9da6199ccf29
• Instruction ID: 504e5e857a9639de00b2a428de091a7d1a1f70e9e20d8f18ab2c0fbe2a3da1db
• Opcode Fuzzy Hash: 2fbdbeface8d474e65e3d830227d731b015bc4fe83c76ff0107a9da6199ccf29
• Instruction Fuzzy Hash: B6021C71E002199FDF14CFA9C8906AEFBF1EF98314F25816AD859E7384D731AA418BD4
Strings
Memory Dump Source
• Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
• Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID:
• String ID: Variable is not of type 'Object'.$p#$
• API String ID: 0-1842369532
• Opcode ID: f9bdf21cc0618469013888bdbcd721b638f6ceb1ca6b761dd0ec4df074b5746a
• Instruction ID: 19ef3ae684d6df33e11bbc31a7bff92fa8ef5308413bbfee2a578ecbdc015b45
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: f9bdf21cc0618469013888bdbcd721b638f6ceb1ca6b761dd0ec4df074b5746a
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 23328C74900218DBDF15DF94C885BEDB7B5BF29304F24806DE80AAB292DB35EE45CB91
APIs
• FindFirstFileW.KERNEL32(?,?), ref: 001E6918
• FindClose.KERNEL32(00000000), ref: 001E6961
Memory Dump Source
• Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
• Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID: Find$CloseFileFirst
• String ID:
• API String ID: 2295610775-0
• Opcode ID: 69497b0d31fe80b7fd72799957a43e4796a64a3410421d08fb6ca096e7b7eda6
• Instruction ID: f9fb0d79f00548a73d42cfe4f5af663a14f6a746dd4d50b43733a5a6806bbd2c
• Opcode Fuzzy Hash: 69497b0d31fe80b7fd72799957a43e4796a64a3410421d08fb6ca096e7b7eda6
• Instruction Fuzzy Hash: 7D1190716046409FC710DF2AD488A1ABBE5FF95328F54C69DE8698F6A3C730EC05CB91
APIs
• GetLastError.KERNEL32(00000000,?,00000FFF,00000000,?,?,?,001F4891,?,?,00000035,?), ref: 001E37E4
• FormatMessageW.KERNEL32(00001000,00000000,?,00000000,?,00000FFF,00000000,?,?,?,001F4891,?,?,00000035,?), ref: 001E37F4
Memory Dump Source
• Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
• Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID: ErrorFormatLastMessage
• String ID:
• API String ID: 3479602957-0
• Opcode ID: 8b960f46332759bd1dfb0358f8f2a56c7d1f4db9fbfbe541764e9e7bdf191675
• Instruction ID: d915b7e251b0f6008f60383a866df51333feb0724fee6323c005318e9828bcf2
• Opcode Fuzzy Hash: 8b960f46332759bd1dfb0358f8f2a56c7d1f4db9fbfbe541764e9e7bdf191675
• Instruction Fuzzy Hash: 64F0E5B0A053282AEB2017679C4DFEB3AAEEFC4761F000269F509D3281DB609908C6B0
APIs
• SendInput.USER32(00000001,?,0000001C,?,?,00000002), ref: 001DB25D
• keybd_event.USER32(?,75C0C0D0,?,00000000), ref: 001DB270
Memory Dump Source
• Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
• Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID: InputSendkeybd_event
• String ID:
• API String ID: 3536248340-0
• Opcode ID: c4241210bc182ab9181442cd1fdd583e366b72947e1e0ee91447766d81dcd312
• Instruction ID: a5ca0805127ca21f9f1435678e0fe344d00894a8ce5214f5776751ad494a6ac4
• Opcode Fuzzy Hash: c4241210bc182ab9181442cd1fdd583e366b72947e1e0ee91447766d81dcd312
• Instruction Fuzzy Hash: FFF01D7580424DABDF059FA0D805BAE7FB4FF04305F10800AF955A51A2C3799611DF94
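The per-function "APIs" records above (FindFirstFileW/FindClose, GetLastError/FormatMessageW, SendInput/keybd_event and, in the following entry, AdjustTokenPrivileges/CloseHandle) are what an analyst usually wants to pull out of a report like this for triage: which imports each function calls, from which module, and where in the image the call sits. The parser below is an added example, not Joe Sandbox code; it reads the call lines exactly as they appear in these entries (copied here as constructed input) and tags each record with a behaviour label. Two things are assumptions on my part: that the `ref:` value is a virtual address inside the dumped image whose load base is the `Offset: 00170000` given under "Memory Dump Source" (so RVA = ref minus base), and the `BEHAVIOUR` table, which is my own mapping chosen to mirror the report's signature wording rather than Joe Sandbox's signature logic.

```python
import re

# Constructed input: the "APIs" call lines and one "Source File ... Offset"
# line copied from the function entries in this report.
REPORT_LINES = """\
APIs
• FindFirstFileW.KERNEL32(?,?), ref: 001E6918
• FindClose.KERNEL32(00000000), ref: 001E6961
Memory Dump Source
• Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
APIs
• GetLastError.KERNEL32(00000000,?,00000FFF,00000000,?,?,?,001F4891,?,?,00000035,?), ref: 001E37E4
• FormatMessageW.KERNEL32(00001000,00000000,?,00000000,?,00000FFF,00000000,?,?,?,001F4891,?,?,00000035,?), ref: 001E37F4
APIs
• SendInput.USER32(00000001,?,0000001C,?,?,00000002), ref: 001DB25D
• keybd_event.USER32(?,75C0C0D0,?,00000000), ref: 001DB270
APIs
• AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,001D11FC), ref: 001D10D4
• CloseHandle.KERNEL32(?,?,001D11FC), ref: 001D10E9
""".splitlines()

# One call line: "<Api>.<MODULE>(<args>), ref: <hex address>"
API_RE = re.compile(
    r"^\s*•?\s*(?P<api>[A-Za-z_]\w*)\.(?P<module>[A-Za-z0-9_]+)"
    r"\((?P<args>[^)]*)\),\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)
# The dump's load base, taken from the "Offset:" field of the Source File line.
BASE_RE = re.compile(r"Offset:\s*(?P<base>[0-9A-Fa-f]+)")

# Hypothetical triage mapping (mine, not Joe Sandbox's signature rules),
# worded after the behaviour signatures listed at the top of the report.
BEHAVIOUR = {
    "SendInput": "simulates keystrokes",
    "keybd_event": "simulates keystrokes",
    "AdjustTokenPrivileges": "modifies token privileges",
    "FindFirstFileW": "enumerates files",
}


def parse_api_records(lines):
    """Return ([record, ...], base): one record (list of calls) per 'APIs'
    header, each call as {api, module, args, ref}; base is the dump offset."""
    records, base = [], None
    for line in lines:
        s = line.strip()
        if s == "APIs":
            records.append([])
            continue
        m = BASE_RE.search(s)
        if m:
            base = int(m.group("base"), 16)
            continue
        m = API_RE.match(s)
        if m and records:
            # '?' marks an argument the analyzer could not resolve statically.
            args = [a for a in m.group("args").split(",") if a != ""]
            records[-1].append({
                "api": m.group("api"),
                "module": m.group("module"),
                "args": args,
                "ref": int(m.group("ref"), 16),
            })
    return records, base


def rva(ref, base):
    """Assumption: ref is a VA in the dumped image and base is its load base."""
    return ref - base


def summarize(records, base):
    """Per record: API names, modules touched, call-site RVAs, behaviour tags."""
    out = []
    for rec in records:
        names = [c["api"] for c in rec]
        out.append({
            "apis": names,
            "modules": sorted({c["module"] for c in rec}),
            "rvas": [f"0x{rva(c['ref'], base):X}" for c in rec],
            "unresolved_args": sum(a == "?" for c in rec for a in c["args"]),
            "behaviour": sorted({BEHAVIOUR[n] for n in names if n in BEHAVIOUR}),
        })
    return out


if __name__ == "__main__":
    recs, base = parse_api_records(REPORT_LINES)
    for entry in summarize(recs, base):
        print(entry)
```

Records whose behaviour list comes back empty (here the GetLastError/FormatMessageW pair, ordinary error reporting) are the ones to skip when reviewing; the keystroke-simulation and token-privilege records are the ones that correspond to the report's signatures and are worth opening in the disassembly at the listed RVAs.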
APIs
• AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,001D11FC), ref: 001D10D4
• CloseHandle.KERNEL32(?,?,001D11FC), ref: 001D10E9
Memory Dump Source
• Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
• Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_170000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                        • API ID: AdjustCloseHandlePrivilegesToken
                                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 81990902-0
APIs
• RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,001A6766,?,?,00000008,?,?,001AFEFE,00000000), ref: 001A6998
Similarity
• API ID: ExceptionRaise
• String ID:
• API String ID: 3997070919-0
Strings
Similarity
• API ID:
• String ID:
• API String ID: 0-3916222277
APIs
• BlockInput.USER32(00000001), ref: 001EEABD
Similarity
• API ID: BlockInput
• String ID:
• API String ID: 3456056419-0
APIs
• SetUnhandledExceptionFilter.KERNEL32(Function_000209E1,001903EE), ref: 001909DA
Memory Dump Source
• Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
• Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID: ExceptionFilterUnhandled
• String ID:
• API String ID: 3192549508-0
Strings
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID:
• String ID: 0
• API String ID: 0-4108050209
Strings
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID:
• String ID: 0&$
• API String ID: 0-620190583
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_170000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: be8675c4bf2d9779eca38c5640a96c55e099c76940b66f2f14b5f726cef2f8b1
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 5d8289f3812547257e892a1dba07cef46aa6ff05c65dba4d4b52b9fb9c6bcc30
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: be8675c4bf2d9779eca38c5640a96c55e099c76940b66f2f14b5f726cef2f8b1
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D4320331A002558BCF28DE68C494FBDBBA1EB65314F29856ED44E8B691E330DE81DBD1
                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_170000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 96e4426d48485b5e3cb73cd2897e4d966c11bc1bbebcd5d8dc074652420e817a
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: f163b8ba4477f0d9b3f9172ec9a60908abaf9f983ea2896f3ed61dfc4fb5d20b
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 96e4426d48485b5e3cb73cd2897e4d966c11bc1bbebcd5d8dc074652420e817a
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: E822AF70A04609DFDF14DF64D881AEEB3F6FF58300F148529E81AA7291EB369E15CB50
                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_170000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: eea614b5faf3213d015d5d4301ebcc545f48a26e00f7dfaab35b1fafef10d036
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 79590f15d7c0c342640f598f9b7ee0b3b640d2e7e1092079d49839b9cc7c916e
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: eea614b5faf3213d015d5d4301ebcc545f48a26e00f7dfaab35b1fafef10d036
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 490295B1A00205EBDF04DF64D981AEDBBF5FF54300F118169E81ADB291EB31AE55CB91
                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_170000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: d532323694a7f0aea764ab0259f4891de9b5cdb09a90ca5343a4fbf9d6752af9
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 234fb3270cc58684328df4f31172bf6a38e1b5599e086504191dd981ac68cb42
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: d532323694a7f0aea764ab0259f4891de9b5cdb09a90ca5343a4fbf9d6752af9
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 05B1F120D2AF404DC22396399835336FA5DAFBB6D5F91D31BFC2674D22EF2286834180
                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
• Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 93657a121f16255c59120ad0d08fdbba6372c273009ad596b4ecdf6e8f3c6909
• Instruction ID: bc755886803c95924f0cfe1d9bfa76a469cd3ce37eaac98d7ec73a5d73191ab0
• Opcode Fuzzy Hash: 93657a121f16255c59120ad0d08fdbba6372c273009ad596b4ecdf6e8f3c6909
• Instruction Fuzzy Hash: 739186736090A35ADF2E467E857807EFFE15A923A131A079ED4F2CA1C5FF20D994D620
Memory Dump Source
• Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
• Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 05e0b846b00456d0f1e87463b9d189974beed2fe63262d4392584e128a114ea2
• Instruction ID: e3a93c00f215c26d9ca876c28cd947d122bc141a751ed6719f25f3238e388cc4
• Opcode Fuzzy Hash: 05e0b846b00456d0f1e87463b9d189974beed2fe63262d4392584e128a114ea2
• Instruction Fuzzy Hash: 569156736090A359DF6D4239857443EFFE15A923A131E07ADE4F2CB1C5EF3495A8E620
Memory Dump Source
• Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
• Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 40101273f58913c3cb3bc7eb54df01d47b4121c3e67d19f11ec2cb23d33ea445
• Instruction ID: a3e8f38f07f0a51d752eb15114a4ba03bde9787a01b4b1f206728bc66915cf93
• Opcode Fuzzy Hash: 40101273f58913c3cb3bc7eb54df01d47b4121c3e67d19f11ec2cb23d33ea445
• Instruction Fuzzy Hash: 1C912F722090E35ADF2D467A857407EFFF15A923A231A079ED4F3CB1C5FF2499A49620
Memory Dump Source
• Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
• Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: d1f033a01c463947df0822e1a6a25571d2c0f55464bc0117b405b44a14bfc97e
• Instruction ID: ffb72166f5ad4a79b563ce95f58acbf8b7486041652331f6b0ac515f07dbe29d
• Opcode Fuzzy Hash: d1f033a01c463947df0822e1a6a25571d2c0f55464bc0117b405b44a14bfc97e
• Instruction Fuzzy Hash: 37616B7173870A96DE3CAA2C8C95BBE2395EF52704F18091AE843DB2D1D715DE42C355
Memory Dump Source
• Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
• Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 7405ddb0fbe48fb6215ebf42dac2ebe6946c5185380d3071dad639c9b81105b4
• Instruction ID: 89aed0d91b2abd27c64aaf14b52782eb1d1d9de1218c4d12f8c9dc67621f05d0
• Opcode Fuzzy Hash: 7405ddb0fbe48fb6215ebf42dac2ebe6946c5185380d3071dad639c9b81105b4
• Instruction Fuzzy Hash: 80618971738709A7DE3D5AA89892BBF23C8EF52744F140959E843DB2C1DB12ED428355
                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_170000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 70da388f96bbbf26b230a155b4728740b34f0d100ea60ab2bbadb9d7d0befbf0
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: df36bde7c389126d06470f3f6d0fec8bf5a40a40b950c49301686a2aa7be3d17
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 70da388f96bbbf26b230a155b4728740b34f0d100ea60ab2bbadb9d7d0befbf0
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1E8195736080A31EEF6E427A853407EFFE15A923A531A079ED4F2CB1C1EF24D594E620
                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                        • DeleteObject.GDI32(00000000), ref: 001F2B30
                                                                                                                                                                                                                                                                                                                                                                                        • DeleteObject.GDI32(00000000), ref: 001F2B43
                                                                                                                                                                                                                                                                                                                                                                                        • DestroyWindow.USER32 ref: 001F2B52
                                                                                                                                                                                                                                                                                                                                                                                        • GetDesktopWindow.USER32 ref: 001F2B6D
                                                                                                                                                                                                                                                                                                                                                                                        • GetWindowRect.USER32(00000000), ref: 001F2B74
                                                                                                                                                                                                                                                                                                                                                                                        • SetRect.USER32(?,00000000,00000000,00000007,00000002), ref: 001F2CA3
                                                                                                                                                                                                                                                                                                                                                                                        • AdjustWindowRectEx.USER32(?,88C00000,00000000,?), ref: 001F2CB1
                                                                                                                                                                                                                                                                                                                                                                                        • CreateWindowExW.USER32(?,AutoIt v3,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 001F2CF8
                                                                                                                                                                                                                                                                                                                                                                                        • GetClientRect.USER32(00000000,?), ref: 001F2D04
                                                                                                                                                                                                                                                                                                                                                                                        • CreateWindowExW.USER32(00000000,static,00000000,5000000E,00000000,00000000,?,?,00000000,00000000,00000000), ref: 001F2D40
                                                                                                                                                                                                                                                                                                                                                                                        • CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 001F2D62
                                                                                                                                                                                                                                                                                                                                                                                        • GetFileSize.KERNEL32(00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 001F2D75
                                                                                                                                                                                                                                                                                                                                                                                        • GlobalAlloc.KERNEL32(00000002,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 001F2D80
                                                                                                                                                                                                                                                                                                                                                                                        • GlobalLock.KERNEL32(00000000), ref: 001F2D89
                                                                                                                                                                                                                                                                                                                                                                                        • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 001F2D98
                                                                                                                                                                                                                                                                                                                                                                                        • GlobalUnlock.KERNEL32(00000000), ref: 001F2DA1
                                                                                                                                                                                                                                                                                                                                                                                        • CloseHandle.KERNEL32(00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 001F2DA8
                                                                                                                                                                                                                                                                                                                                                                                        • GlobalFree.KERNEL32(00000000), ref: 001F2DB3
                                                                                                                                                                                                                                                                                                                                                                                        • CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 001F2DC5
                                                                                                                                                                                                                                                                                                                                                                                        • OleLoadPicture.OLEAUT32(?,00000000,00000000,0020FC38,00000000), ref: 001F2DDB
                                                                                                                                                                                                                                                                                                                                                                                        • GlobalFree.KERNEL32(00000000), ref: 001F2DEB
                                                                                                                                                                                                                                                                                                                                                                                        • CopyImage.USER32(00000007,00000000,00000000,00000000,00002000), ref: 001F2E11
                                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(00000000,00000172,00000000,00000007), ref: 001F2E30
                                                                                                                                                                                                                                                                                                                                                                                        • SetWindowPos.USER32(00000000,00000000,00000000,00000000,?,?,00000020,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 001F2E52
                                                                                                                                                                                                                                                                                                                                                                                        • ShowWindow.USER32(00000004,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 001F303F
                                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_170000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                        • API ID: Window$Global$CreateRect$File$DeleteFreeObject$AdjustAllocClientCloseCopyDesktopDestroyHandleImageLoadLockMessagePictureReadSendShowSizeStreamUnlock
                                                                                                                                                                                                                                                                                                                                                                                        • String ID: $AutoIt v3$DISPLAY$static
                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 2211948467-2373415609
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 981608a1cb5158d365c908026022c5288c290bc54eb90c4fe8399dffa857d67b
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: bfa16105802b24fb77ed215feace4a3af154d7ee09845ef465780952171e9c79
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 981608a1cb5158d365c908026022c5288c290bc54eb90c4fe8399dffa857d67b
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: DA027EB5500208EFDB14DF64DC8DEAE7BB9EF49714F148258F919AB2A1CB70AD01CB60
                                                                                                                                                                                                                                                                                                                                                                                        APIs
• SetTextColor.GDI32(?,00000000), ref: 0020712F
• GetSysColorBrush.USER32(0000000F), ref: 00207160
• GetSysColor.USER32(0000000F), ref: 0020716C
• SetBkColor.GDI32(?,000000FF), ref: 00207186
• SelectObject.GDI32(?,?), ref: 00207195
• InflateRect.USER32(?,000000FF,000000FF), ref: 002071C0
• GetSysColor.USER32(00000010), ref: 002071C8
• CreateSolidBrush.GDI32(00000000), ref: 002071CF
• FrameRect.USER32(?,?,00000000), ref: 002071DE
• DeleteObject.GDI32(00000000), ref: 002071E5
• InflateRect.USER32(?,000000FE,000000FE), ref: 00207230
• FillRect.USER32(?,?,?), ref: 00207262
• GetWindowLongW.USER32(?,000000F0), ref: 00207284
  • Part of subcall function 002073E8: GetSysColor.USER32(00000012), ref: 00207421
  • Part of subcall function 002073E8: SetTextColor.GDI32(?,?), ref: 00207425
  • Part of subcall function 002073E8: GetSysColorBrush.USER32(0000000F), ref: 0020743B
  • Part of subcall function 002073E8: GetSysColor.USER32(0000000F), ref: 00207446
  • Part of subcall function 002073E8: GetSysColor.USER32(00000011), ref: 00207463
  • Part of subcall function 002073E8: CreatePen.GDI32(00000000,00000001,00743C00), ref: 00207471
  • Part of subcall function 002073E8: SelectObject.GDI32(?,00000000), ref: 00207482
  • Part of subcall function 002073E8: SetBkColor.GDI32(?,00000000), ref: 0020748B
  • Part of subcall function 002073E8: SelectObject.GDI32(?,?), ref: 00207498
  • Part of subcall function 002073E8: InflateRect.USER32(?,000000FF,000000FF), ref: 002074B7
  • Part of subcall function 002073E8: RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 002074CE
  • Part of subcall function 002073E8: GetWindowLongW.USER32(00000000,000000F0), ref: 002074DB
Memory Dump Source
• Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
• Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID: Color$Rect$Object$BrushInflateSelect$CreateLongTextWindow$DeleteFillFrameRoundSolid
• String ID:
• API String ID: 4124339563-0
• Opcode ID: 4793cda1f973881b8652637ab1d51f879b2e714dadc6010794e07028799de65f
• Instruction ID: 89962cd8c361a2d54825566dfb44482dfb502820aac482d698cab49b82a025c6
• Opcode Fuzzy Hash: 4793cda1f973881b8652637ab1d51f879b2e714dadc6010794e07028799de65f
• Instruction Fuzzy Hash: 20A192B2418301AFD7119F60EC4CA5BBBA9FF49320F200B19F966A61E2D771E954CF51
APIs
• DestroyWindow.USER32(?,?), ref: 00188E14
• SendMessageW.USER32(?,00001308,?,00000000), ref: 001C6AC5
• ImageList_Remove.COMCTL32(?,000000FF,?), ref: 001C6AFE
• MoveWindow.USER32(?,?,?,?,?,00000000), ref: 001C6F43
  • Part of subcall function 00188F62: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00188BE8,?,00000000,?,?,?,?,00188BBA,00000000,?), ref: 00188FC5
• SendMessageW.USER32(?,00001053), ref: 001C6F7F
• SendMessageW.USER32(?,00001008,000000FF,00000000), ref: 001C6F96
• ImageList_Destroy.COMCTL32(00000000,?), ref: 001C6FAC
• ImageList_Destroy.COMCTL32(00000000,?), ref: 001C6FB7
Strings
Memory Dump Source
• Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
• Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID: DestroyImageList_MessageSend$Window$InvalidateMoveRectRemove
• String ID: 0
• API String ID: 2760611726-4108050209
• Opcode ID: 5350cc1339a6daf9504d490862f577175be884363f7cf325624f217ffecec019
• Instruction ID: 3aa4e3a46d3ea729ba2d42d0d7294eb93e6b447c55ad4e6cf69f802c75345da7
• Opcode Fuzzy Hash: 5350cc1339a6daf9504d490862f577175be884363f7cf325624f217ffecec019
• Instruction Fuzzy Hash: 0C128B34204601DFDB25DF24D898FAABBE5FB69300F54456DE4858B262CB31EDA1CF91
APIs
• DestroyWindow.USER32(00000000), ref: 001F273E
• SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 001F286A
• SetRect.USER32(?,00000000,00000000,0000012C,?), ref: 001F28A9
• AdjustWindowRectEx.USER32(?,88C00000,00000000,00000008), ref: 001F28B9
• CreateWindowExW.USER32(00000008,AutoIt v3,?,88C00000,000000FF,?,?,?,00000000,00000000,00000000), ref: 001F2900
• GetClientRect.USER32(00000000,?), ref: 001F290C
• CreateWindowExW.USER32(00000000,static,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000), ref: 001F2955
• CreateDCW.GDI32(DISPLAY,00000000,00000000,00000000), ref: 001F2964
• GetStockObject.GDI32(00000011), ref: 001F2974
• SelectObject.GDI32(00000000,00000000), ref: 001F2978
• GetTextFaceW.GDI32(00000000,00000040,?,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?), ref: 001F2988
                                                                                                                                                                                                                                                                                                                                                                                        • GetDeviceCaps.GDI32(00000000,0000005A), ref: 001F2991
                                                                                                                                                                                                                                                                                                                                                                                        • DeleteDC.GDI32(00000000), ref: 001F299A
                                                                                                                                                                                                                                                                                                                                                                                        • CreateFontW.GDI32(00000000,00000000,00000000,00000000,00000258,00000000,00000000,00000000,00000001,00000004,00000000,00000002,00000000,?), ref: 001F29C6
                                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(00000030,00000000,00000001), ref: 001F29DD
                                                                                                                                                                                                                                                                                                                                                                                        • CreateWindowExW.USER32(00000200,msctls_progress32,00000000,50000001,?,-0000001D,00000104,00000014,00000000,00000000,00000000), ref: 001F2A1D
                                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(00000000,00000401,00000000,00640000), ref: 001F2A31
                                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(00000404,00000001,00000000), ref: 001F2A42
                                                                                                                                                                                                                                                                                                                                                                                        • CreateWindowExW.USER32(00000000,static,?,50000000,?,00000041,00000500,-00000027,00000000,00000000,00000000), ref: 001F2A77
                                                                                                                                                                                                                                                                                                                                                                                        • GetStockObject.GDI32(00000011), ref: 001F2A82
                                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(00000030,00000000,?,50000000), ref: 001F2A8D
                                                                                                                                                                                                                                                                                                                                                                                        • ShowWindow.USER32(00000004,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?,?,?), ref: 001F2A97
                                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_170000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                        • API ID: Window$Create$MessageSend$ObjectRect$Stock$AdjustCapsClientDeleteDestroyDeviceFaceFontInfoParametersSelectShowSystemText
                                                                                                                                                                                                                                                                                                                                                                                        • String ID: AutoIt v3$DISPLAY$msctls_progress32$static
                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 2910397461-517079104
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 6646c668cfd53743b31e8aa1579a413623eb2cb75c57a9c9c7dbc6cff3cc868a
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 1191ff4987bf9128317488f8d61846c70d365abbe79cc569a337cf2b4a5da06d
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 6646c668cfd53743b31e8aa1579a413623eb2cb75c57a9c9c7dbc6cff3cc868a
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3EB15EB5A40209AFDB14DFA4DC89FAE7BB9EB45710F108254FA15E72D1D770AD40CB50
                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                        • SetErrorMode.KERNEL32(00000001), ref: 001E4AED
                                                                                                                                                                                                                                                                                                                                                                                        • GetDriveTypeW.KERNEL32(?,0020CB68,?,\\.\,0020CC08), ref: 001E4BCA
                                                                                                                                                                                                                                                                                                                                                                                        • SetErrorMode.KERNEL32(00000000,0020CB68,?,\\.\,0020CC08), ref: 001E4D36
                                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_170000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                        • API ID: ErrorMode$DriveType
                                                                                                                                                                                                                                                                                                                                                                                        • String ID: 1394$ATA$ATAPI$CDROM$Fibre$FileBackedVirtual$Fixed$MMC$Network$PhysicalDrive$RAID$RAMDisk$Removable$SAS$SATA$SCSI$SSA$SSD$USB$Unknown$Virtual$\\.\$iSCSI
                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 2907320926-4222207086
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 84ab3321391b969135d0312701f1e593b4c707dc1db7b19145d60e51b3a57d74
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 053d004aa07cfdaae71e93ac95d50e80e08e47a508467852743dec989a48961c
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 84ab3321391b969135d0312701f1e593b4c707dc1db7b19145d60e51b3a57d74
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 00611470711A49ABCB08DF26CA86D6C77F4BB15700F34C416F80AAB692DB31ED81DB51
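Added example, not part of the Joe Sandbox report: a small parser for the per-function "APIs" trace blocks in the format above (lines of the form "• Api.MODULE(args), ref: addr" followed by the API ID / String ID rows). It splits a report excerpt into function blocks, exposes the "$"-joined String ID list, and flags the SetErrorMode(00000001) ... GetDriveTypeW ... SetErrorMode(00000000) bracket seen in the second block. The reading of 00000001 as SEM_FAILCRITICALERRORS (suppresses the "no disk in drive" critical-error box while probing drives) is a Win32 fact, not something the report states; that the bracket plus the bus-type string vocabulary matches the AutoIt DriveGetType() runtime is an inference from the strings shown. The SAMPLE text is an excerpt copied from this page's own lines; the function and class names are this example's own.

```python
"""Parse Joe Sandbox 'APIs' trace blocks and flag the silent drive-probe idiom.
Added example; SAMPLE is an excerpt of the report text, regexes and names are ours."""
import re
from collections import Counter
from dataclasses import dataclass, field

# One traced call, e.g. '• GetDriveTypeW.KERNEL32(?,0020CB68,?,\\.\,0020CC08), ref: 001E4BCA'
API_RE = re.compile(
    r"^\s*[•*-]?\s*(?P<api>\w+)\.(?P<module>\w+)\((?P<args>.*)\),\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)
# Metadata rows of the same block (longest alternative first so 'API String ID' wins over 'API ID').
META_RE = re.compile(
    r"^\s*[•*-]?\s*(?P<key>API String ID|Instruction ID|Opcode ID|API ID|String ID):\s*(?P<value>.+?)\s*$"
)
SEM_FAILCRITICALERRORS = "00000001"  # SetErrorMode flag as it appears in the trace


@dataclass
class ApiCall:
    api: str
    module: str
    args: list
    ref: int


@dataclass
class FunctionBlock:
    calls: list = field(default_factory=list)
    meta: dict = field(default_factory=dict)

    def string_ids(self):
        """'String ID' is a '$'-joined list of strings the function references."""
        sid = self.meta.get("String ID")
        return sid.split("$") if sid else []


def parse_api_line(line):
    """Return an ApiCall for a trace line, or None for any other line."""
    m = API_RE.match(line)
    if not m:
        return None
    raw = m.group("args")
    args = [a.strip() for a in raw.split(",")] if raw else []
    return ApiCall(m.group("api"), m.group("module"), args, int(m.group("ref"), 16))


def parse_report(text):
    """Split report text into FunctionBlocks, one per 'APIs' header."""
    blocks, current = [], None
    for line in text.splitlines():
        if line.strip() == "APIs":
            current = FunctionBlock()
            blocks.append(current)
            continue
        if current is None:
            continue
        call = parse_api_line(line)
        if call is not None:
            current.calls.append(call)
            continue
        m = META_RE.match(line)
        if m:
            current.meta[m.group("key")] = m.group("value")
    return blocks


def has_silent_drive_probe(block):
    """True when GetDriveTypeW sits between SetErrorMode(1) and SetErrorMode(0):
    the function probes drives with critical-error dialogs suppressed."""
    state = 0
    for c in block.calls:
        if state == 0 and c.api == "SetErrorMode" and c.args[:1] == [SEM_FAILCRITICALERRORS]:
            state = 1
        elif state == 1 and c.api == "GetDriveTypeW":
            state = 2
        elif state == 2 and c.api == "SetErrorMode" and c.args[:1] == ["00000000"]:
            return True
    return False


def api_histogram(blocks):
    """Count API names across all blocks as a cheap capability summary."""
    return Counter(c.api for b in blocks for c in b.calls)


# Excerpt of the report's own trace lines (two function blocks, first one shortened).
SAMPLE = r"""
APIs
• SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 001F286A
• SetRect.USER32(?,00000000,00000000,0000012C,?), ref: 001F28A9
• CreateWindowExW.USER32(00000008,AutoIt v3,?,88C00000,000000FF,?,?,?,00000000,00000000,00000000), ref: 001F2900
Strings
• API ID: Window$Create$MessageSend$ObjectRect$Stock
• String ID: AutoIt v3$DISPLAY$msctls_progress32$static
APIs
• SetErrorMode.KERNEL32(00000001), ref: 001E4AED
• GetDriveTypeW.KERNEL32(?,0020CB68,?,\\.\,0020CC08), ref: 001E4BCA
• SetErrorMode.KERNEL32(00000000,0020CB68,?,\\.\,0020CC08), ref: 001E4D36
Strings
• API ID: ErrorMode$DriveType
• String ID: 1394$ATA$ATAPI$CDROM$Fibre$FileBackedVirtual$Fixed$MMC$Network$PhysicalDrive$RAID$RAMDisk$Removable$SAS$SATA$SCSI$SSA$SSD$USB$Unknown$Virtual$\\.\$iSCSI
• API String ID: 2907320926-4222207086
"""

if __name__ == "__main__":
    for i, b in enumerate(parse_report(SAMPLE)):
        print(i, [c.api for c in b.calls], "drive probe:", has_silent_drive_probe(b), b.string_ids()[:5])
```

Run it over a saved copy of the full report rather than the excerpt to get the histogram across every disassembled function; blocks whose String ID carries the \\.\ prefix together with the bus-type vocabulary are the ones to read first when confirming drive enumeration.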
APIs
• GetSysColor.USER32(00000012), ref: 00207421
• SetTextColor.GDI32(?,?), ref: 00207425
• GetSysColorBrush.USER32(0000000F), ref: 0020743B
• GetSysColor.USER32(0000000F), ref: 00207446
• CreateSolidBrush.GDI32(?), ref: 0020744B
• GetSysColor.USER32(00000011), ref: 00207463
• CreatePen.GDI32(00000000,00000001,00743C00), ref: 00207471
• SelectObject.GDI32(?,00000000), ref: 00207482
• SetBkColor.GDI32(?,00000000), ref: 0020748B
• SelectObject.GDI32(?,?), ref: 00207498
• InflateRect.USER32(?,000000FF,000000FF), ref: 002074B7
• RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 002074CE
• GetWindowLongW.USER32(00000000,000000F0), ref: 002074DB
• SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 0020752A
• GetWindowTextW.USER32(00000000,00000000,00000001), ref: 00207554
• InflateRect.USER32(?,000000FD,000000FD), ref: 00207572
• DrawFocusRect.USER32(?,?), ref: 0020757D
• GetSysColor.USER32(00000011), ref: 0020758E
• SetTextColor.GDI32(?,00000000), ref: 00207596
• DrawTextW.USER32(?,002070F5,000000FF,?,00000000), ref: 002075A8
                                                                                                                                                                                                                                                                                                                                                                                        • SelectObject.GDI32(?,?), ref: 002075BF
                                                                                                                                                                                                                                                                                                                                                                                        • DeleteObject.GDI32(?), ref: 002075CA
                                                                                                                                                                                                                                                                                                                                                                                        • SelectObject.GDI32(?,?), ref: 002075D0
                                                                                                                                                                                                                                                                                                                                                                                        • DeleteObject.GDI32(?), ref: 002075D5
                                                                                                                                                                                                                                                                                                                                                                                        • SetTextColor.GDI32(?,?), ref: 002075DB
                                                                                                                                                                                                                                                                                                                                                                                        • SetBkColor.GDI32(?,?), ref: 002075E5
                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_170000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                        • API ID: Color$Object$Text$RectSelect$BrushCreateDeleteDrawInflateWindow$FocusLongMessageRoundSendSolid
                                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 1996641542-0
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 760252f15d50acf9b48f84a050a9372ce885df5c6315982f83aa27ef6726ce26
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 3304611d6cf1739b05d7a967c56050834376c3323289f10eb518665b3fa4b53d
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 760252f15d50acf9b48f84a050a9372ce885df5c6315982f83aa27ef6726ce26
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 01616075D00219AFDB019FA4DC49ADEBF79EB09320F214215F915B72E2D771A950CF90
                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                        • GetCursorPos.USER32(?), ref: 00201128
                                                                                                                                                                                                                                                                                                                                                                                        • GetDesktopWindow.USER32 ref: 0020113D
                                                                                                                                                                                                                                                                                                                                                                                        • GetWindowRect.USER32(00000000), ref: 00201144
                                                                                                                                                                                                                                                                                                                                                                                        • GetWindowLongW.USER32(?,000000F0), ref: 00201199
                                                                                                                                                                                                                                                                                                                                                                                        • DestroyWindow.USER32(?), ref: 002011B9
                                                                                                                                                                                                                                                                                                                                                                                        • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,7FFFFFFD,80000000,80000000,80000000,80000000,00000000,00000000,00000000,00000000), ref: 002011ED
                                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 0020120B
                                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(00000000,00000418,00000000,?), ref: 0020121D
                                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(00000000,00000421,?,?), ref: 00201232
                                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(00000000,0000041D,00000000,00000000), ref: 00201245
                                                                                                                                                                                                                                                                                                                                                                                        • IsWindowVisible.USER32(00000000), ref: 002012A1
                                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(00000000,00000412,00000000,D8F0D8F0), ref: 002012BC
                                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(00000000,00000411,00000001,00000030), ref: 002012D0
                                                                                                                                                                                                                                                                                                                                                                                        • GetWindowRect.USER32(00000000,?), ref: 002012E8
                                                                                                                                                                                                                                                                                                                                                                                        • MonitorFromPoint.USER32(?,?,00000002), ref: 0020130E
                                                                                                                                                                                                                                                                                                                                                                                        • GetMonitorInfoW.USER32(00000000,?), ref: 00201328
                                                                                                                                                                                                                                                                                                                                                                                        • CopyRect.USER32(?,?), ref: 0020133F
                                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(00000000,00000412,00000000), ref: 002013AA
                                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_170000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                        • API ID: MessageSendWindow$Rect$Monitor$CopyCreateCursorDesktopDestroyFromInfoLongPointVisible
                                                                                                                                                                                                                                                                                                                                                                                        • String ID: ($0$tooltips_class32
                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 698492251-4156429822
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 2d86074b692c96d7041669fa710f1ca11d4de49cfd3dfde7bb684bf8102aab00
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: a82ae5bbcd564136a77367d371cd3a3827071465e91dca79dfd92da98c6cddc2
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2d86074b692c96d7041669fa710f1ca11d4de49cfd3dfde7bb684bf8102aab00
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 79B1AC71618341AFD714DF64D888B6EBBE4FF84714F00891CF9999B2A2C771E864CB91
                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                        • SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 00188968
                                                                                                                                                                                                                                                                                                                                                                                        • GetSystemMetrics.USER32(00000007), ref: 00188970
• SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 0018899B
• GetSystemMetrics.USER32(00000008), ref: 001889A3
• GetSystemMetrics.USER32(00000004), ref: 001889C8
• SetRect.USER32(000000FF,00000000,00000000,000000FF,000000FF), ref: 001889E5
• AdjustWindowRectEx.USER32(000000FF,?,00000000,?), ref: 001889F5
• CreateWindowExW.USER32(?,AutoIt v3 GUI,?,?,?,000000FF,000000FF,000000FF,?,00000000,00000000), ref: 00188A28
• SetWindowLongW.USER32(00000000,000000EB,00000000), ref: 00188A3C
• GetClientRect.USER32(00000000,000000FF), ref: 00188A5A
• GetStockObject.GDI32(00000011), ref: 00188A76
• SendMessageW.USER32(00000000,00000030,00000000), ref: 00188A81
  • Part of subcall function 0018912D: GetCursorPos.USER32(?), ref: 00189141
  • Part of subcall function 0018912D: ScreenToClient.USER32(00000000,?), ref: 0018915E
  • Part of subcall function 0018912D: GetAsyncKeyState.USER32(00000001), ref: 00189183
  • Part of subcall function 0018912D: GetAsyncKeyState.USER32(00000002), ref: 0018919D
• SetTimer.USER32(00000000,00000000,00000028,001890FC), ref: 00188AA8
Strings
Memory Dump Source
• Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
• Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID: System$MetricsRectWindow$AsyncClientInfoParametersState$AdjustCreateCursorLongMessageObjectScreenSendStockTimer
• String ID: AutoIt v3 GUI
• API String ID: 1458621304-248962490
• Opcode ID: 2f7af2d523242e1f0debd342eff4c42078ed6acbd781e99101ba49a1b653c278
• Instruction ID: f86a3e6ee8d72b3f53f3e683bc17e6a46974fdc0624d05b7a828015bd468a82b
• Opcode Fuzzy Hash: 2f7af2d523242e1f0debd342eff4c42078ed6acbd781e99101ba49a1b653c278
• Instruction Fuzzy Hash: 81B17A75A00209AFDB14EFA8DC89FAE3BB5FB48314F114229FA15A7290DB34E951CF51
APIs
  • Part of subcall function 001D10F9: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 001D1114
  • Part of subcall function 001D10F9: GetLastError.KERNEL32(?,00000000,00000000,?,?,001D0B9B,?,?,?), ref: 001D1120
  • Part of subcall function 001D10F9: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,001D0B9B,?,?,?), ref: 001D112F
  • Part of subcall function 001D10F9: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,001D0B9B,?,?,?), ref: 001D1136
  • Part of subcall function 001D10F9: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 001D114D
• GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 001D0DF5
• GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 001D0E29
• GetLengthSid.ADVAPI32(?), ref: 001D0E40
• GetAce.ADVAPI32(?,00000000,?), ref: 001D0E7A
• AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 001D0E96
• GetLengthSid.ADVAPI32(?), ref: 001D0EAD
• GetProcessHeap.KERNEL32(00000008,00000008), ref: 001D0EB5
• HeapAlloc.KERNEL32(00000000), ref: 001D0EBC
• GetLengthSid.ADVAPI32(?,00000008,?), ref: 001D0EDD
• CopySid.ADVAPI32(00000000), ref: 001D0EE4
• AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 001D0F13
• SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 001D0F35
• SetUserObjectSecurity.USER32(?,00000004,?), ref: 001D0F47
• GetProcessHeap.KERNEL32(00000000,00000000), ref: 001D0F6E
• HeapFree.KERNEL32(00000000), ref: 001D0F75
• GetProcessHeap.KERNEL32(00000000,00000000), ref: 001D0F7E
• HeapFree.KERNEL32(00000000), ref: 001D0F85
• GetProcessHeap.KERNEL32(00000000,00000000), ref: 001D0F8E
• HeapFree.KERNEL32(00000000), ref: 001D0F95
• GetProcessHeap.KERNEL32(00000000,?), ref: 001D0FA1
• HeapFree.KERNEL32(00000000), ref: 001D0FA8
  • Part of subcall function 001D1193: GetProcessHeap.KERNEL32(00000008,001D0BB1,?,00000000,?,001D0BB1,?), ref: 001D11A1
  • Part of subcall function 001D1193: HeapAlloc.KERNEL32(00000000,?,00000000,?,001D0BB1,?), ref: 001D11A8
  • Part of subcall function 001D1193: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,001D0BB1,?), ref: 001D11B7
Memory Dump Source
• Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
• Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
• String ID:
• API String ID: 4175595110-0
• Opcode ID: cf9a55061ce3da276b32d888fd3a98a3a54eb37088eca799d2e1c93b2a1a0749
• Instruction ID: d98b5e0f1c84ca67b15477de16c76ff31dd68b6601140a58eca0b923ca98edc6
• Opcode Fuzzy Hash: cf9a55061ce3da276b32d888fd3a98a3a54eb37088eca799d2e1c93b2a1a0749
• Instruction Fuzzy Hash: 417152B2900309ABDF119FA5DC48FEEBBB9BF08310F244216F959E6291D7719905CB60
APIs
• RegConnectRegistryW.ADVAPI32(?,?,?), ref: 001FC4BD
                                                                                                                                                                                                                                                                                                                                                                                        • RegCreateKeyExW.ADVAPI32(?,?,00000000,0020CC08,00000000,?,00000000,?,?), ref: 001FC544
                                                                                                                                                                                                                                                                                                                                                                                        • RegCloseKey.ADVAPI32(00000000,00000000,00000000), ref: 001FC5A4
                                                                                                                                                                                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 001FC5F4
                                                                                                                                                                                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 001FC66F
                                                                                                                                                                                                                                                                                                                                                                                        • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000001,?,?), ref: 001FC6B2
                                                                                                                                                                                                                                                                                                                                                                                        • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000007,?,?), ref: 001FC7C1
                                                                                                                                                                                                                                                                                                                                                                                        • RegSetValueExW.ADVAPI32(00000001,?,00000000,0000000B,?,00000008), ref: 001FC84D
                                                                                                                                                                                                                                                                                                                                                                                        • RegCloseKey.ADVAPI32(?), ref: 001FC881
                                                                                                                                                                                                                                                                                                                                                                                        • RegCloseKey.ADVAPI32(00000000), ref: 001FC88E
                                                                                                                                                                                                                                                                                                                                                                                        • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000003,00000000,00000000), ref: 001FC960
                                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_170000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                        • API ID: Value$Close$_wcslen$ConnectCreateRegistry
                                                                                                                                                                                                                                                                                                                                                                                        • String ID: REG_BINARY$REG_DWORD$REG_EXPAND_SZ$REG_MULTI_SZ$REG_QWORD$REG_SZ
                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 9721498-966354055
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 0c342cea8b9e38767bb0513e110237f9c27f91a7e6f1a322a89e4b59bbbe1fc0
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 07c11a74c4354f5511c3fd94fe4f06f5e33c68999ed519855e07149efafcf572
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0c342cea8b9e38767bb0513e110237f9c27f91a7e6f1a322a89e4b59bbbe1fc0
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 651266756042059FDB14DF24C981A2AB7F5FF88724F14889CF98A9B3A2DB31ED41DB81
APIs
• CharUpperBuffW.USER32(?,?), ref: 002009C6
• _wcslen.LIBCMT ref: 00200A01
• SendMessageW.USER32(?,00001105,00000000,00000000), ref: 00200A54
• _wcslen.LIBCMT ref: 00200A8A
• _wcslen.LIBCMT ref: 00200B06
• _wcslen.LIBCMT ref: 00200B81
  • Part of subcall function 0018F9F2: _wcslen.LIBCMT ref: 0018F9FD
  • Part of subcall function 001D2BE8: SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 001D2BFA
Strings
Memory Dump Source
• Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
• Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID: _wcslen$MessageSend$BuffCharUpper
• String ID: CHECK$COLLAPSE$EXISTS$EXPAND$GETITEMCOUNT$GETSELECTED$GETTEXT$GETTOTALCOUNT$ISCHECKED$SELECT$UNCHECK
• API String ID: 1103490817-4258414348
• Opcode ID: fbfa3ea3fcf24dbd32d571e522ca0181f4275529a47d43aa4798934e6a38a4a8
• Instruction ID: 6dc2aef6f94898f15f3a515451bb48e6344229bb56d5fa3c7d63f7fb39ed8eb3
• Opcode Fuzzy Hash: fbfa3ea3fcf24dbd32d571e522ca0181f4275529a47d43aa4798934e6a38a4a8
• Instruction Fuzzy Hash: BEE1A0712283029FDB14DF24C490A2AB7E1FFA9318F14895DF8995B3A2D730ED55CB91
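The two function listings above print raw argument values only: the registry writer calls RegSetValueExW with dwType 1, 7, 0xB and 3, and the TreeView handler sends window messages 0x1105 and 0x110A. Decoding those constants is what a triager needs from this part of the report, so the following Python is an added example (not Joe Sandbox's code and not code from the sample): it parses API call lines in the form printed under "APIs" (sample lines constructed from the listings above), decodes the RegSetValueExW dwType to its REG_* name, decodes SendMessageW TreeView messages (TV_FIRST = 0x1100, so 0x1105 is TVM_GETCOUNT and 0x110A is TVM_GETNEXTITEM with wParam 9 = TVGN_CARET), and expands the HKLM/HKCU-style root aliases that the following function compares case-insensitively via CharUpperBuffW. All function and constant names are my own; the REG_*, TVM_* and TVGN_* values are the public winnt.h/commctrl.h definitions.

```python
import re
from dataclasses import dataclass

# Constructed sample: API call lines in the form Joe Sandbox prints under "APIs",
# copied from the RegSetValueExW and TreeView function listings above.
SAMPLE_CALLS = """\
RegConnectRegistryW.ADVAPI32(?,?,?), ref: 001FC4BD
RegCreateKeyExW.ADVAPI32(?,?,00000000,0020CC08,00000000,?,00000000,?,?), ref: 001FC544
RegSetValueExW.ADVAPI32(00000001,?,00000000,00000001,?,?), ref: 001FC6B2
RegSetValueExW.ADVAPI32(00000001,?,00000000,00000007,?,?), ref: 001FC7C1
RegSetValueExW.ADVAPI32(00000001,?,00000000,0000000B,?,00000008), ref: 001FC84D
RegSetValueExW.ADVAPI32(00000001,?,00000000,00000003,00000000,00000000), ref: 001FC960
SendMessageW.USER32(?,00001105,00000000,00000000), ref: 00200A54
Part of subcall function 001D2BE8: SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 001D2BFA
_wcslen.LIBCMT ref: 001FC5F4
"""

# winnt.h registry value types (the dwType argument of RegSetValueExW).
REG_TYPES = {0: "REG_NONE", 1: "REG_SZ", 2: "REG_EXPAND_SZ", 3: "REG_BINARY",
             4: "REG_DWORD", 7: "REG_MULTI_SZ", 11: "REG_QWORD"}

# commctrl.h TreeView messages (TV_FIRST + n) and TVGN_* codes for TVM_GETNEXTITEM.
TV_FIRST = 0x1100
TVM_MESSAGES = {TV_FIRST + 2: "TVM_EXPAND", TV_FIRST + 5: "TVM_GETCOUNT",
                TV_FIRST + 10: "TVM_GETNEXTITEM", TV_FIRST + 11: "TVM_SELECTITEM"}
TVGN_CODES = {0: "TVGN_ROOT", 1: "TVGN_NEXT", 2: "TVGN_PREVIOUS", 3: "TVGN_PARENT",
              4: "TVGN_CHILD", 5: "TVGN_FIRSTVISIBLE", 6: "TVGN_NEXTVISIBLE",
              7: "TVGN_PREVIOUSVISIBLE", 8: "TVGN_DROPHILITE", 9: "TVGN_CARET"}

# Root key aliases as listed in the String ID of the next function.
ROOT_KEY_ALIASES = {"HKCR": "HKEY_CLASSES_ROOT", "HKCU": "HKEY_CURRENT_USER",
                    "HKLM": "HKEY_LOCAL_MACHINE", "HKU": "HKEY_USERS",
                    "HKCC": "HKEY_CURRENT_CONFIG"}

# Matches "Api.Module(args), ref: ADDR" and "Api.Module ref: ADDR", with or without
# the bullet and the "Part of subcall function ...:" prefix the report uses.
CALL_RE = re.compile(
    r"^(?:•\s*)?(?:Part of subcall function [0-9A-Fa-f]+:\s*)?"
    r"(?P<api>\w+)\.(?P<module>\w+)(?:\((?P<args>[^)]*)\))?,?\s+ref:\s*(?P<ref>[0-9A-Fa-f]+)")


@dataclass
class ApiCall:
    api: str
    module: str
    args: list      # int per argument, None where the report prints "?"
    ref: str
    note: str = ""


def parse_call(line):
    """Parse one report line into an ApiCall, or None if it is not an API line."""
    m = CALL_RE.match(line.strip())
    if not m:
        return None
    args = []
    if m.group("args"):
        for a in m.group("args").split(","):
            a = a.strip()
            args.append(None if a == "?" else int(a, 16))
    return ApiCall(m.group("api"), m.group("module"), args, m.group("ref").upper())


def annotate(call):
    """Attach a human-readable decoding of the constants that matter for triage."""
    if call.api == "RegSetValueExW" and len(call.args) >= 6:
        dwtype, lpdata, cbdata = call.args[3], call.args[4], call.args[5]
        name = "type unresolved" if dwtype is None else REG_TYPES.get(dwtype, f"unknown type {dwtype:#x}")
        size = "unknown size" if cbdata is None else f"{cbdata} bytes"
        call.note = f"writes {name} value ({size})"
        if lpdata == 0 and cbdata == 0:
            call.note += ", empty data"     # value is created but holds no bytes
    elif call.api == "SendMessageW" and len(call.args) >= 4:
        msg, wparam = call.args[1], call.args[2]
        if msg in TVM_MESSAGES:
            call.note = TVM_MESSAGES[msg]
            if msg == TV_FIRST + 10 and wparam in TVGN_CODES:
                call.note += f" ({TVGN_CODES[wparam]})"
    elif call.api == "RegConnectRegistryW":
        call.note = "connects to a predefined key, possibly on another machine"
    return call


def annotate_report(text):
    """Parse every API line of a Joe Sandbox 'APIs' listing and decode its constants."""
    calls = []
    for line in text.splitlines():
        call = parse_call(line)
        if call is not None:
            calls.append(annotate(call))
    return calls


def normalize_root(path):
    """Expand HKLM/HKCU-style aliases case-insensitively, as the CharUpperBuffW function does."""
    root, sep, rest = path.partition("\\")
    full = ROOT_KEY_ALIASES.get(root.upper(), root.upper())
    if full not in ROOT_KEY_ALIASES.values():
        raise ValueError(f"unknown root key: {root}")
    return full + sep + rest


if __name__ == "__main__":
    for c in annotate_report(SAMPLE_CALLS):
        print(f"{c.ref}  {c.api}.{c.module:<8} {c.note}")
    print(normalize_root("hklm\\Software\\Example"))
```

Run against the sample, the fourth RegSetValueExW (type 3, lpData 0, cbData 0) decodes as an empty REG_BINARY write, which a detection rule keyed only on "RegSetValueExW with data" would miss; the TreeView messages decode to the GETTOTALCOUNT and GETSELECTED commands the String ID of that function advertises.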
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
• Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID: _wcslen$BuffCharUpper
• String ID: HKCC$HKCR$HKCU$HKEY_CLASSES_ROOT$HKEY_CURRENT_CONFIG$HKEY_CURRENT_USER$HKEY_LOCAL_MACHINE$HKEY_USERS$HKLM$HKU
• API String ID: 1256254125-909552448
• Opcode ID: 1617f3806bac2b084dd986646bf7f8779653fb7034221d2bd15e25a1981ff67a
• Instruction ID: e6be702c51fe5bb879c417fce4145109dc76143c0a849f9ba706896b8e34a6f6
• Opcode Fuzzy Hash: 1617f3806bac2b084dd986646bf7f8779653fb7034221d2bd15e25a1981ff67a
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: E9710372A1012E8BCF20DE7CCA515BA33A1AFB0794F250528FA5697284FB31DD55E7E0
                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 0020835A
                                                                                                                                                                                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 0020836E
                                                                                                                                                                                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 00208391
                                                                                                                                                                                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 002083B4
                                                                                                                                                                                                                                                                                                                                                                                        • LoadImageW.USER32(00000000,?,00000001,?,?,00002010), ref: 002083F2
                                                                                                                                                                                                                                                                                                                                                                                        • LoadLibraryExW.KERNEL32(?,00000000,00000032,?,?,00000001,?,?,?,0020361A,?), ref: 0020844E
                                                                                                                                                                                                                                                                                                                                                                                        • LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 00208487
                                                                                                                                                                                                                                                                                                                                                                                        • LoadImageW.USER32(00000000,?,00000001,?,?,00000000), ref: 002084CA
                                                                                                                                                                                                                                                                                                                                                                                        • LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 00208501
                                                                                                                                                                                                                                                                                                                                                                                        • FreeLibrary.KERNEL32(?), ref: 0020850D
                                                                                                                                                                                                                                                                                                                                                                                        • ExtractIconExW.SHELL32(?,00000000,00000000,00000000,00000001), ref: 0020851D
                                                                                                                                                                                                                                                                                                                                                                                        • DestroyIcon.USER32(?), ref: 0020852C
                                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00000170,00000000,00000000), ref: 00208549
                                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00000064,00000172,00000001), ref: 00208555
                                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_170000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                        • API ID: Load$Image_wcslen$IconLibraryMessageSend$DestroyExtractFree
                                                                                                                                                                                                                                                                                                                                                                                        • String ID: .dll$.exe$.icl
                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 799131459-1154884017
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 218d1eda0e3ced2bb82a8fd67c9ef3dc255d6fa9e7e42b5ca4c375ba63bb94e2
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 53c9b1aff8b7edf152bcff56e47276be3f140cf22a67325d48592bd47126e3e1
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 218d1eda0e3ced2bb82a8fd67c9ef3dc255d6fa9e7e42b5ca4c375ba63bb94e2
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: BD61E3B1510316BBEB14CF64DC85FBF7BA8BB08721F104609F855D61D2DB749960C7A0
                                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_170000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                                                                                                                        • String ID: "$#OnAutoItStartRegister$#ce$#comments-end$#comments-start$#cs$#include$#include-once$#notrayicon$#pragma compile$#requireadmin$'$Bad directive syntax error$Cannot parse #include$Unterminated group of comments
                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 0-1645009161
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: e0c18dfc73587d73d262b4eccb7c3f05794dd0eb3e6f521bfea60acea4f811d5
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: b124a54e450d9a21daec3d92a1a3d9cc86c3d38b79fa9c9ab99acd8b9f11adf0
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e0c18dfc73587d73d262b4eccb7c3f05794dd0eb3e6f521bfea60acea4f811d5
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6A810771644205BBDB25BF64DC86FEE37B9AF25300F058025F908AB1D6EB70DA21C7A1
                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                        • CharLowerBuffW.USER32(?,?), ref: 001E3EF8
                                                                                                                                                                                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 001E3F03
                                                                                                                                                                                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 001E3F5A
                                                                                                                                                                                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 001E3F98
                                                                                                                                                                                                                                                                                                                                                                                        • GetDriveTypeW.KERNEL32(?), ref: 001E3FD6
                                                                                                                                                                                                                                                                                                                                                                                        • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 001E401E
                                                                                                                                                                                                                                                                                                                                                                                        • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 001E4059
                                                                                                                                                                                                                                                                                                                                                                                        • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 001E4087
                                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
• Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
• Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID: SendString_wcslen$BuffCharDriveLowerType
• String ID: type cdaudio alias cd wait$ wait$close$close cd wait$closed$open$open $set cd door
• API String ID: 1839972693-4113822522
• Opcode ID: 3e401d9974bdb9328493852d5c1f3e3745a71832cff1ba5c67206b9cd84fc7bb
• Instruction ID: 01c1f988354c64650cf2d996817f1eb0cddba9fe0deccd27afa9e5e590a47f80
• Opcode Fuzzy Hash: 3e401d9974bdb9328493852d5c1f3e3745a71832cff1ba5c67206b9cd84fc7bb
• Instruction Fuzzy Hash: E871D2716047019FC710EF25C8858AEB7F4EFA5758F10892DF8A997291EB30DE45CB92
APIs
• LoadIconW.USER32(00000063), ref: 001D5A2E
• SendMessageW.USER32(?,00000080,00000000,00000000), ref: 001D5A40
• SetWindowTextW.USER32(?,?), ref: 001D5A57
• GetDlgItem.USER32(?,000003EA), ref: 001D5A6C
• SetWindowTextW.USER32(00000000,?), ref: 001D5A72
• GetDlgItem.USER32(?,000003E9), ref: 001D5A82
• SetWindowTextW.USER32(00000000,?), ref: 001D5A88
• SendDlgItemMessageW.USER32(?,000003E9,000000CC,?,00000000), ref: 001D5AA9
• SendDlgItemMessageW.USER32(?,000003E9,000000C5,00000000,00000000), ref: 001D5AC3
• GetWindowRect.USER32(?,?), ref: 001D5ACC
• _wcslen.LIBCMT ref: 001D5B33
• SetWindowTextW.USER32(?,?), ref: 001D5B6F
• GetDesktopWindow.USER32 ref: 001D5B75
• GetWindowRect.USER32(00000000), ref: 001D5B7C
• MoveWindow.USER32(?,?,00000080,00000000,?,00000000), ref: 001D5BD3
• GetClientRect.USER32(?,?), ref: 001D5BE0
• PostMessageW.USER32(?,00000005,00000000,?), ref: 001D5C05
• SetTimer.USER32(?,0000040A,00000000,00000000), ref: 001D5C2F
Memory Dump Source
• Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
• Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID: Window$ItemMessageText$RectSend$ClientDesktopIconLoadMovePostTimer_wcslen
• String ID:
• API String ID: 895679908-0
• Opcode ID: 8306dc8023631e4b62db64558a4ceab0a972e2ef5eaec2fde1e360ca9462d483
• Instruction ID: 2530e3b8ff7257908e4e44957c06e9212e76861fce559f83fca0ebe3f99a3320
• Opcode Fuzzy Hash: 8306dc8023631e4b62db64558a4ceab0a972e2ef5eaec2fde1e360ca9462d483
• Instruction Fuzzy Hash: 07717071900B05AFDB20DFA8CD89A6EBBF6FF48704F10461AE542A36A0D775E944CF50
APIs
• LoadCursorW.USER32(00000000,00007F89), ref: 001EFE27
• LoadCursorW.USER32(00000000,00007F8A), ref: 001EFE32
• LoadCursorW.USER32(00000000,00007F00), ref: 001EFE3D
• LoadCursorW.USER32(00000000,00007F03), ref: 001EFE48
• LoadCursorW.USER32(00000000,00007F8B), ref: 001EFE53
• LoadCursorW.USER32(00000000,00007F01), ref: 001EFE5E
• LoadCursorW.USER32(00000000,00007F81), ref: 001EFE69
• LoadCursorW.USER32(00000000,00007F88), ref: 001EFE74
• LoadCursorW.USER32(00000000,00007F80), ref: 001EFE7F
• LoadCursorW.USER32(00000000,00007F86), ref: 001EFE8A
• LoadCursorW.USER32(00000000,00007F83), ref: 001EFE95
• LoadCursorW.USER32(00000000,00007F85), ref: 001EFEA0
• LoadCursorW.USER32(00000000,00007F82), ref: 001EFEAB
• LoadCursorW.USER32(00000000,00007F84), ref: 001EFEB6
• LoadCursorW.USER32(00000000,00007F04), ref: 001EFEC1
• LoadCursorW.USER32(00000000,00007F02), ref: 001EFECC
• GetCursorInfo.USER32(?), ref: 001EFEDC
• GetLastError.KERNEL32 ref: 001EFF1E
Memory Dump Source
• Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
• Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID: Cursor$Load$ErrorInfoLast
• String ID:
                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 3215588206-0
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 4430469c3a54c2d73bfa1f3ee4c02a7abddf80a9a4111cf13594650d550ca0c5
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: d3dfa9bdfaa6c0d2bc9cb9edfc06047c52a6ee11ce948a359d333536fb33d68c
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 4430469c3a54c2d73bfa1f3ee4c02a7abddf80a9a4111cf13594650d550ca0c5
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 964163B0D043596ADB10DFBA8C8985EBFE8FF04354B50852AF51DE7281DB78A901CF91
                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_170000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                        • API ID: _wcslen
                                                                                                                                                                                                                                                                                                                                                                                        • String ID: CLASS$CLASSNN$INSTANCE$NAME$REGEXPCLASS$TEXT$[#
                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 176396367-1113138700
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: c34313f7100e51334c088d307ebb0a1cf41db58df3beaa4d5645da5a673ce918
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 14594ad171634bac0a2ad408659d5154bf6d0fb994fbf17ef5ba409f180d0903
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c34313f7100e51334c088d307ebb0a1cf41db58df3beaa4d5645da5a673ce918
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 89E1E532A00526ABCF189F68C451AEEFBB1BF54754F54811BE46AB7340DB30AF85C7A1
                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                        • __scrt_initialize_thread_safe_statics_platform_specific.LIBCMT ref: 001900C6
                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 001900ED: InitializeCriticalSectionAndSpinCount.KERNEL32(0024070C,00000FA0,FB72C45A,?,?,?,?,001B23B3,000000FF), ref: 0019011C
                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 001900ED: GetModuleHandleW.KERNEL32(api-ms-win-core-synch-l1-2-0.dll,?,?,?,?,001B23B3,000000FF), ref: 00190127
                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 001900ED: GetModuleHandleW.KERNEL32(kernel32.dll,?,?,?,?,001B23B3,000000FF), ref: 00190138
                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 001900ED: GetProcAddress.KERNEL32(00000000,InitializeConditionVariable), ref: 0019014E
                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 001900ED: GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 0019015C
                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 001900ED: GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 0019016A
                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 001900ED: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 00190195
                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 001900ED: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 001901A0
                                                                                                                                                                                                                                                                                                                                                                                        • ___scrt_fastfail.LIBCMT ref: 001900E7
                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 001900A3: __onexit.LIBCMT ref: 001900A9
                                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                                        • kernel32.dll, xrefs: 00190133
                                                                                                                                                                                                                                                                                                                                                                                        • SleepConditionVariableCS, xrefs: 00190154
                                                                                                                                                                                                                                                                                                                                                                                        • api-ms-win-core-synch-l1-2-0.dll, xrefs: 00190122
                                                                                                                                                                                                                                                                                                                                                                                        • InitializeConditionVariable, xrefs: 00190148
                                                                                                                                                                                                                                                                                                                                                                                        • WakeAllConditionVariable, xrefs: 00190162
                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_170000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                        • API ID: AddressProc$HandleModule__crt_fast_encode_pointer$CountCriticalInitializeSectionSpin___scrt_fastfail__onexit__scrt_initialize_thread_safe_statics_platform_specific
                                                                                                                                                                                                                                                                                                                                                                                        • String ID: InitializeConditionVariable$SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 66158676-1714406822
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 0733623a119dadf0513f1e9eb5296fd16f16b4d0fca94859c3bc51d67999b0d7
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 60d9fbf97eccc6969093a6ddd2a5b53722f56feed8766592f251a618a71494cb
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0733623a119dadf0513f1e9eb5296fd16f16b4d0fca94859c3bc51d67999b0d7
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: BF213E72A54710AFDB226BA4BC4DB6973D4DB0DF51F100239F901E76D2DB709C408A51
                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                        • CharLowerBuffW.USER32(00000000,00000000,0020CC08), ref: 001E4527
                                                                                                                                                                                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 001E453B
• _wcslen.LIBCMT ref: 001E4599
• _wcslen.LIBCMT ref: 001E45F4
• _wcslen.LIBCMT ref: 001E463F
• _wcslen.LIBCMT ref: 001E46A7
  • Part of subcall function 0018F9F2: _wcslen.LIBCMT ref: 0018F9FD
• GetDriveTypeW.KERNEL32(?,00236BF0,00000061), ref: 001E4743
Strings
Memory Dump Source
• Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
• Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID: _wcslen$BuffCharDriveLowerType
• String ID: all$cdrom$fixed$network$ramdisk$removable$unknown
• API String ID: 2055661098-1000479233
APIs
  • Part of subcall function 00189BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00189BB2
• DragQueryPoint.SHELL32(?,?), ref: 00209147
  • Part of subcall function 00207674: ClientToScreen.USER32(?,?), ref: 0020769A
  • Part of subcall function 00207674: GetWindowRect.USER32(?,?), ref: 00207710
  • Part of subcall function 00207674: PtInRect.USER32(?,?,00208B89), ref: 00207720
• SendMessageW.USER32(?,000000B0,?,?), ref: 002091B0
• DragQueryFileW.SHELL32(?,000000FF,00000000,00000000), ref: 002091BB
• DragQueryFileW.SHELL32(?,00000000,?,00000104), ref: 002091DE
• SendMessageW.USER32(?,000000C2,00000001,?), ref: 00209225
• SendMessageW.USER32(?,000000B0,?,?), ref: 0020923E
• SendMessageW.USER32(?,000000B1,?,?), ref: 00209255
• SendMessageW.USER32(?,000000B1,?,?), ref: 00209277
• DragFinish.SHELL32(?), ref: 0020927E
• DefDlgProcW.USER32(?,00000233,?,00000000,?,?,?), ref: 00209371
Similarity
• API ID: MessageSend$Drag$Query$FileRectWindow$ClientFinishLongPointProcScreen
• String ID: @GUI_DRAGFILE$@GUI_DRAGID$@GUI_DROPID$p#$
• API String ID: 221274066-1279969420
APIs
• GetMenuItemCount.USER32(00241990), ref: 001B2F8D
• GetMenuItemCount.USER32(00241990), ref: 001B303D
• GetCursorPos.USER32(?), ref: 001B3081
• SetForegroundWindow.USER32(00000000), ref: 001B308A
• TrackPopupMenuEx.USER32(00241990,00000000,?,00000000,00000000,00000000), ref: 001B309D
• PostMessageW.USER32(00000000,00000000,00000000,00000000), ref: 001B30A9
Similarity
• API ID: Menu$CountItem$CursorForegroundMessagePopupPostTrackWindow
• String ID: 0
• API String ID: 36266755-4108050209
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 47c38d22abd799842ab473257737940f0f662558d07b5bc567e8d3d208f88730
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 6b87840e28e4c98299a7e2a06b4234d82ff2fb6a069c38b6becd0758ac99fc63
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 47c38d22abd799842ab473257737940f0f662558d07b5bc567e8d3d208f88730
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: FD7148B0644205BEEB259F64DC89FEABF78FF05324F204206F5296A1E1C7B1AD14DB90
                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                        • DestroyWindow.USER32(00000000,?), ref: 00206DEB
                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00176B57: _wcslen.LIBCMT ref: 00176B6A
                                                                                                                                                                                                                                                                                                                                                                                        • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00000000,?), ref: 00206E5F
                                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(00000000,00000433,00000000,00000030), ref: 00206E81
                                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00206E94
                                                                                                                                                                                                                                                                                                                                                                                        • DestroyWindow.USER32(?), ref: 00206EB5
                                                                                                                                                                                                                                                                                                                                                                                        • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00170000,00000000), ref: 00206EE4
                                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00206EFD
                                                                                                                                                                                                                                                                                                                                                                                        • GetDesktopWindow.USER32 ref: 00206F16
                                                                                                                                                                                                                                                                                                                                                                                        • GetWindowRect.USER32(00000000), ref: 00206F1D
                                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(00000000,00000418,00000000,?), ref: 00206F35
                                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(00000000,00000421,?,00000000), ref: 00206F4D
                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00189944: GetWindowLongW.USER32(?,000000EB), ref: 00189952
                                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_170000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                        • API ID: Window$MessageSend$CreateDestroy$DesktopLongRect_wcslen
                                                                                                                                                                                                                                                                                                                                                                                        • String ID: 0$tooltips_class32
                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 2429346358-3619404913
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 1122e8255a66741ac9ea9cef50b0aaab9c35edf4a35d2f80059e64fc7e88ac6d
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 37804c0d61131fc0bb4588dfe095b41f96d3211b976205446eae17ee0c843520
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1122e8255a66741ac9ea9cef50b0aaab9c35edf4a35d2f80059e64fc7e88ac6d
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 05717BB4114346AFDB25CF18EC4CE6ABBF9FB89304F14051DF989872A2C771A966CB11
                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                        • InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 001EC4B0
                                                                                                                                                                                                                                                                                                                                                                                        • GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 001EC4C3
                                                                                                                                                                                                                                                                                                                                                                                        • SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 001EC4D7
                                                                                                                                                                                                                                                                                                                                                                                        • HttpOpenRequestW.WININET(00000000,00000000,?,00000000,00000000,00000000,?,00000000), ref: 001EC4F0
                                                                                                                                                                                                                                                                                                                                                                                        • InternetQueryOptionW.WININET(00000000,0000001F,?,?), ref: 001EC533
                                                                                                                                                                                                                                                                                                                                                                                        • InternetSetOptionW.WININET(00000000,0000001F,00000100,00000004), ref: 001EC549
                                                                                                                                                                                                                                                                                                                                                                                        • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 001EC554
                                                                                                                                                                                                                                                                                                                                                                                        • HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 001EC584
                                                                                                                                                                                                                                                                                                                                                                                        • GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 001EC5DC
                                                                                                                                                                                                                                                                                                                                                                                        • SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 001EC5F0
                                                                                                                                                                                                                                                                                                                                                                                        • InternetCloseHandle.WININET(00000000), ref: 001EC5FB
                                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_170000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                        • API ID: Internet$Http$ErrorEventLastOptionQueryRequest$CloseConnectHandleInfoOpenSend
                                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 3800310941-3916222277
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 99edcf8d58d8a9b71e50cd0aeacd4f03923f1188b146adeabf18aa9f90fd8821
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 520daa482982edcc5e59c421c3795bf62dd259c21615a83079326436f9c61567
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 99edcf8d58d8a9b71e50cd0aeacd4f03923f1188b146adeabf18aa9f90fd8821
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0C517FB0600B45BFDB219F61DD88AAF7BFCFF48344F10451AF94696251D730E9459BA0
                                                                                                                                                                                                                                                                                                                                                                                        APIs
• CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,?,00000000,?), ref: 00208592
• GetFileSize.KERNEL32(00000000,00000000), ref: 002085A2
• GlobalAlloc.KERNEL32(00000002,00000000), ref: 002085AD
• CloseHandle.KERNEL32(00000000), ref: 002085BA
• GlobalLock.KERNEL32(00000000), ref: 002085C8
• ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 002085D7
• GlobalUnlock.KERNEL32(00000000), ref: 002085E0
• CloseHandle.KERNEL32(00000000), ref: 002085E7
• CreateStreamOnHGlobal.OLE32(00000000,00000001,?), ref: 002085F8
• OleLoadPicture.OLEAUT32(?,00000000,00000000,0020FC38,?), ref: 00208611
• GlobalFree.KERNEL32(00000000), ref: 00208621
• GetObjectW.GDI32(?,00000018,000000FF), ref: 00208641
• CopyImage.USER32(?,00000000,00000000,?,00002000), ref: 00208671
• DeleteObject.GDI32(00000000), ref: 00208699
• SendMessageW.USER32(?,00000172,00000000,00000000), ref: 002086AF
Memory Dump Source
• Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
• Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID: Global$File$CloseCreateHandleObject$AllocCopyDeleteFreeImageLoadLockMessagePictureReadSendSizeStreamUnlock
• String ID:
• API String ID: 3840717409-0
• Opcode ID: f25a1352de8e49c07eb30d5cef5daa48c01169dfe795402152b9040b42d3f61b
• Instruction ID: 8d330a260736433ad7ef4d59e5dc3a0f18161e2198ec16a41352af9199a5f428
• Opcode Fuzzy Hash: f25a1352de8e49c07eb30d5cef5daa48c01169dfe795402152b9040b42d3f61b
• Instruction Fuzzy Hash: 22413CB1600305AFDB119F65DC8CEAB7BBCEF89711F118158F905E7292DB719901CB20
APIs
• VariantInit.OLEAUT32(00000000), ref: 001E1502
• VariantCopy.OLEAUT32(?,?), ref: 001E150B
• VariantClear.OLEAUT32(?), ref: 001E1517
• VariantTimeToSystemTime.OLEAUT32(?,?,?), ref: 001E15FB
• VarR8FromDec.OLEAUT32(?,?), ref: 001E1657
• VariantInit.OLEAUT32(?), ref: 001E1708
• SysFreeString.OLEAUT32(?), ref: 001E178C
• VariantClear.OLEAUT32(?), ref: 001E17D8
• VariantClear.OLEAUT32(?), ref: 001E17E7
• VariantInit.OLEAUT32(00000000), ref: 001E1823
Strings
Memory Dump Source
• Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
• Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID: Variant$ClearInit$Time$CopyFreeFromStringSystem
• String ID: %4d%02d%02d%02d%02d%02d$Default
• API String ID: 1234038744-3931177956
• Opcode ID: 9be087f0c67872b6233121b3421cfa1b67f92c98ddc1a7c9369f5d8d664e2375
• Instruction ID: 23efb0bdb34255384f5ce9ae95e62313c5eca87919c916ebad1283519ef14f8f
• Opcode Fuzzy Hash: 9be087f0c67872b6233121b3421cfa1b67f92c98ddc1a7c9369f5d8d664e2375
• Instruction Fuzzy Hash: 26D14671A00A45FBDB04EF66E888BBDB7B5BF46700F21815AF806AB185DB30DD41DB61
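The "APIs" listings in this report share one line format: an optional "Part of subcall function ADDR:" prefix, then API.MODULE, an optional parenthesised argument list in which unknown values are printed as "?" and numbers as eight hex digits, and a "ref:" address. The Python below is an added example for this page, not Joe Sandbox code and not part of the report; it parses that format and extracts two triage facts from the registry-deletion function listed next: which exports are resolved at run time through LoadLibrary/GetProcAddress (here RegDeleteKeyExW from advapi32.dll, alongside the statically imported RegDeleteKeyW and RegDeleteValueW), and whether remote registry access (RegConnectRegistryW) is present. The line grammar is inferred from this page rather than taken from a published Joe Sandbox specification, and the sample text is constructed by copying lines from that listing.

```python
"""Parse Joe Sandbox 'APIs' bullet lines and flag dynamic import
resolution and registry-deletion capability.

Added example for this report page; not Joe Sandbox code. The line format
is inferred from the listings on the page, and SAMPLE below is constructed
by copying lines from the registry-deletion function listed there."""
import re
from dataclasses import dataclass
from typing import Optional

# One bullet line: optional "Part of subcall function XXXX:" prefix,
# API.MODULE, optional "(args)", optional comma, then "ref: ADDR".
_LINE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+):\s*)?"
    r"(?P<api>\w+)\.(?P<mod>\w+)(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)
# Joe Sandbox prints numeric arguments as exactly eight hex digits.
_HEX8 = re.compile(r"^[0-9A-Fa-f]{8}$")


@dataclass(frozen=True)
class ApiCall:
    api: str
    module: str
    args: tuple
    ref: str
    subcall: Optional[str]  # callee address when the line is "Part of subcall function"


def parse_listing(text: str) -> list:
    """Return an ApiCall for every recognised bullet line; headers and other lines are skipped."""
    calls = []
    for line in text.splitlines():
        m = _LINE.match(line)
        if not m:
            continue
        raw = m.group("args")
        args = tuple(a.strip() for a in raw.split(",")) if raw else ()
        calls.append(ApiCall(m.group("api"), m.group("mod"), args, m.group("ref"), m.group("sub")))
    return calls


def _is_literal(arg: str) -> bool:
    # '?' means unresolved, eight hex digits means a number; anything else was a visible string.
    return arg != "?" and not _HEX8.match(arg)


def dynamic_imports(calls) -> list:
    """Pair each LoadLibrary* with the GetProcAddress calls that follow it and report
    (dll, export) whenever the export name is visible as a literal."""
    found, current_dll = [], None
    for c in calls:
        if c.api.startswith("LoadLibrary") and c.args and _is_literal(c.args[0]):
            current_dll = c.args[0]
        elif c.api == "GetProcAddress" and len(c.args) >= 2 and _is_literal(c.args[1]):
            found.append((current_dll, c.args[1]))
    return found


REG_DELETE_APIS = {"RegDeleteValueW", "RegDeleteValueA", "RegDeleteKeyW", "RegDeleteKeyA",
                   "RegDeleteKeyExW", "RegDeleteKeyExA", "RegDeleteTreeW", "RegDeleteTreeA"}


def registry_summary(calls) -> dict:
    """Statically imported delete APIs, delete APIs resolved at run time, and whether
    RegConnectRegistry (remote registry access) appears in the function."""
    static = sorted({c.api for c in calls if c.api in REG_DELETE_APIS})
    dynamic = sorted({name for _, name in dynamic_imports(calls) if name in REG_DELETE_APIS})
    remote = any(c.api.startswith("RegConnectRegistry") for c in calls)
    return {"static_delete": static, "dynamic_delete": dynamic, "remote_registry": remote}


# Constructed sample: bullet lines copied from the registry-deletion listing on this page.
SAMPLE = """
• Part of subcall function 00179CB3: _wcslen.LIBCMT ref: 00179CBD
• Part of subcall function 001FC998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,001FB6AE,?,?), ref: 001FC9B5
• RegConnectRegistryW.ADVAPI32(?,?,?), ref: 001FB6F4
• RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 001FB772
• RegDeleteValueW.ADVAPI32(?,?), ref: 001FB80A
• RegCloseKey.ADVAPI32(?), ref: 001FB87E
• LoadLibraryA.KERNEL32(advapi32.dll), ref: 001FB8F2
• GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 001FB904
• RegDeleteKeyW.ADVAPI32(?,?), ref: 001FB922
• FreeLibrary.KERNEL32(00000000), ref: 001FB983
"""

if __name__ == "__main__":
    parsed = parse_listing(SAMPLE)
    print(len(parsed), "calls parsed")
    print("dynamic imports:", dynamic_imports(parsed))
    print("registry:", registry_summary(parsed))
```

If the AutoIt verdict in the overview is right, listings like this describe the interpreter's built-in functions rather than the embedded script's own logic, so a hit is evidence of capability, not of behaviour; the extracted script is where the registry operations actually performed by this sample would be found.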
APIs
  • Part of subcall function 00179CB3: _wcslen.LIBCMT ref: 00179CBD
  • Part of subcall function 001FC998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,001FB6AE,?,?), ref: 001FC9B5
  • Part of subcall function 001FC998: _wcslen.LIBCMT ref: 001FC9F1
  • Part of subcall function 001FC998: _wcslen.LIBCMT ref: 001FCA68
  • Part of subcall function 001FC998: _wcslen.LIBCMT ref: 001FCA9E
• RegConnectRegistryW.ADVAPI32(?,?,?), ref: 001FB6F4
• RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 001FB772
• RegDeleteValueW.ADVAPI32(?,?), ref: 001FB80A
• RegCloseKey.ADVAPI32(?), ref: 001FB87E
• RegCloseKey.ADVAPI32(?), ref: 001FB89C
• LoadLibraryA.KERNEL32(advapi32.dll), ref: 001FB8F2
• GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 001FB904
• RegDeleteKeyW.ADVAPI32(?,?), ref: 001FB922
• FreeLibrary.KERNEL32(00000000), ref: 001FB983
• RegCloseKey.ADVAPI32(00000000), ref: 001FB994
Strings
Memory Dump Source
• Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
• Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_170000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                        • API ID: _wcslen$Close$DeleteLibrary$AddressBuffCharConnectFreeLoadOpenProcRegistryUpperValue
                                                                                                                                                                                                                                                                                                                                                                                        • String ID: RegDeleteKeyExW$advapi32.dll
                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 146587525-4033151799
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 2da50dff0b7ab9aacea2b366649190a5403e13d3bbb6c9b978e3da027d09e9ed
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: d6009258be8aa9537e2f1131dc369fc6b13fe8c5f81ae2a0de2d9130a6e702fb
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2da50dff0b7ab9aacea2b366649190a5403e13d3bbb6c9b978e3da027d09e9ed
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: CEC18A70208205EFD714DF24C4D5F2ABBE5BF94318F24859CE69A8B2A2CB71ED45CB91
                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                        • GetDC.USER32(00000000), ref: 001F25D8
                                                                                                                                                                                                                                                                                                                                                                                        • CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 001F25E8
                                                                                                                                                                                                                                                                                                                                                                                        • CreateCompatibleDC.GDI32(?), ref: 001F25F4
                                                                                                                                                                                                                                                                                                                                                                                        • SelectObject.GDI32(00000000,?), ref: 001F2601
                                                                                                                                                                                                                                                                                                                                                                                        • StretchBlt.GDI32(?,00000000,00000000,?,?,?,00000006,?,?,?,00CC0020), ref: 001F266D
                                                                                                                                                                                                                                                                                                                                                                                        • GetDIBits.GDI32(?,?,00000000,00000000,00000000,00000028,00000000), ref: 001F26AC
                                                                                                                                                                                                                                                                                                                                                                                        • GetDIBits.GDI32(?,?,00000000,?,00000000,00000028,00000000), ref: 001F26D0
                                                                                                                                                                                                                                                                                                                                                                                        • SelectObject.GDI32(?,?), ref: 001F26D8
                                                                                                                                                                                                                                                                                                                                                                                        • DeleteObject.GDI32(?), ref: 001F26E1
                                                                                                                                                                                                                                                                                                                                                                                        • DeleteDC.GDI32(?), ref: 001F26E8
                                                                                                                                                                                                                                                                                                                                                                                        • ReleaseDC.USER32(00000000,?), ref: 001F26F3
                                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_170000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                        • API ID: Object$BitsCompatibleCreateDeleteSelect$BitmapReleaseStretch
                                                                                                                                                                                                                                                                                                                                                                                        • String ID: (
                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 2598888154-3887548279
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 51fd8a9c4f2676645815b64f939a0da54dd40cb63a60a2d5bbe19269f77d4edb
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 3077275edcc6f2d816bf1790d37ebe94de3d4d588d850b685773e9b1129f0c85
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 51fd8a9c4f2676645815b64f939a0da54dd40cb63a60a2d5bbe19269f77d4edb
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1D61F2B5D00219EFCF04CFA4D888AAEBBF6FF58310F208529EA59A7251D774A951CF50
                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                        • ___free_lconv_mon.LIBCMT ref: 001ADAA1
                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 001AD63C: _free.LIBCMT ref: 001AD659
                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 001AD63C: _free.LIBCMT ref: 001AD66B
                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 001AD63C: _free.LIBCMT ref: 001AD67D
                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 001AD63C: _free.LIBCMT ref: 001AD68F
                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 001AD63C: _free.LIBCMT ref: 001AD6A1
                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 001AD63C: _free.LIBCMT ref: 001AD6B3
                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 001AD63C: _free.LIBCMT ref: 001AD6C5
                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 001AD63C: _free.LIBCMT ref: 001AD6D7
                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 001AD63C: _free.LIBCMT ref: 001AD6E9
                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 001AD63C: _free.LIBCMT ref: 001AD6FB
                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 001AD63C: _free.LIBCMT ref: 001AD70D
                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 001AD63C: _free.LIBCMT ref: 001AD71F
                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 001AD63C: _free.LIBCMT ref: 001AD731
                                                                                                                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 001ADA96
                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 001A29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,001AD7D1,00000000,00000000,00000000,00000000,?,001AD7F8,00000000,00000007,00000000,?,001ADBF5,00000000), ref: 001A29DE
                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 001A29C8: GetLastError.KERNEL32(00000000,?,001AD7D1,00000000,00000000,00000000,00000000,?,001AD7F8,00000000,00000007,00000000,?,001ADBF5,00000000,00000000), ref: 001A29F0
                                                                                                                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 001ADAB8
                                                                                                                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 001ADACD
                                                                                                                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 001ADAD8
• _free.LIBCMT ref: 001ADAFA
• _free.LIBCMT ref: 001ADB0D
• _free.LIBCMT ref: 001ADB1B
• _free.LIBCMT ref: 001ADB26
• _free.LIBCMT ref: 001ADB5E
• _free.LIBCMT ref: 001ADB65
• _free.LIBCMT ref: 001ADB82
• _free.LIBCMT ref: 001ADB9A
Memory Dump Source
• Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
• Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID: _free$ErrorFreeHeapLast___free_lconv_mon
• String ID:
• API String ID: 161543041-0
• Opcode ID: fa17c048496914e46a4575432aec4c7dddc6f3d648fc821bf7dc22354578b0a3
• Instruction ID: eb38881f6a0c756b0127b0ee45300db4a60bbaf7e211e5e6a0d3ece67f85d651
• Opcode Fuzzy Hash: fa17c048496914e46a4575432aec4c7dddc6f3d648fc821bf7dc22354578b0a3
• Instruction Fuzzy Hash: 26316B39604B049FEB62AA38E845B6B77E8FF23714F114419E48AD7591DF30AC408721
APIs
• GetClassNameW.USER32(?,?,00000100), ref: 001D369C
• _wcslen.LIBCMT ref: 001D36A7
• SendMessageTimeoutW.USER32(?,?,00000101,00000000,00000002,00001388,?), ref: 001D3797
• GetClassNameW.USER32(?,?,00000400), ref: 001D380C
• GetDlgCtrlID.USER32(?), ref: 001D385D
• GetWindowRect.USER32(?,?), ref: 001D3882
• GetParent.USER32(?), ref: 001D38A0
• ScreenToClient.USER32(00000000), ref: 001D38A7
• GetClassNameW.USER32(?,?,00000100), ref: 001D3921
• GetWindowTextW.USER32(?,?,00000400), ref: 001D395D
Strings
Similarity
• API ID: ClassName$Window$ClientCtrlMessageParentRectScreenSendTextTimeout_wcslen
• String ID: %s%u
• API String ID: 4010501982-679674701
• Opcode ID: 410d268e2dca5e48b145c7fbe0cb50f2f9a78d4b4e77a239a43be852e8b8bdea
• Instruction ID: 13d102a691d7c65ef50f3d318437d545e4895e509b44b26c2123e2b009d09a9f
• Opcode Fuzzy Hash: 410d268e2dca5e48b145c7fbe0cb50f2f9a78d4b4e77a239a43be852e8b8bdea
• Instruction Fuzzy Hash: FE91EA71204706AFD719DF24C895FEAF7A8FF44354F00462AF9A9D2291DB30EA45CB92
APIs
• GetClassNameW.USER32(?,?,00000400), ref: 001D4994
• GetWindowTextW.USER32(?,?,00000400), ref: 001D49DA
• _wcslen.LIBCMT ref: 001D49EB
• CharUpperBuffW.USER32(?,00000000), ref: 001D49F7
• _wcsstr.LIBVCRUNTIME ref: 001D4A2C
• GetClassNameW.USER32(00000018,?,00000400), ref: 001D4A64
• GetWindowTextW.USER32(?,?,00000400), ref: 001D4A9D
• GetClassNameW.USER32(00000018,?,00000400), ref: 001D4AE6
• GetClassNameW.USER32(?,?,00000400), ref: 001D4B20
• GetWindowRect.USER32(?,?), ref: 001D4B8B
Strings
Similarity
• API ID: ClassName$Window$Text$BuffCharRectUpper_wcslen_wcsstr
• String ID: ThumbnailClass
• API String ID: 1311036022-1241985126
• Opcode ID: ed1b196a8a7830d9230ed64bcd80e7648eb0094f86b744fd1be6cdb4f0aa6139
• Instruction ID: a9c6f5d7ae90a33bd562008c5dae2cad59a755cdc861bb4540f5fc5f144c48e3
• Opcode Fuzzy Hash: ed1b196a8a7830d9230ed64bcd80e7648eb0094f86b744fd1be6cdb4f0aa6139
• Instruction Fuzzy Hash: 2E91BC710083059FDB14CF14C985BAA77E8FF94354F04856BFD8A9A296DB30ED45CBA1
APIs
                                                                                                                                                                                                                                                                                                                                                                                        • GetMenuItemInfoW.USER32(00241990,000000FF,00000000,00000030), ref: 001DBFAC
                                                                                                                                                                                                                                                                                                                                                                                        • SetMenuItemInfoW.USER32(00241990,00000004,00000000,00000030), ref: 001DBFE1
                                                                                                                                                                                                                                                                                                                                                                                        • Sleep.KERNEL32(000001F4), ref: 001DBFF3
                                                                                                                                                                                                                                                                                                                                                                                        • GetMenuItemCount.USER32(?), ref: 001DC039
                                                                                                                                                                                                                                                                                                                                                                                        • GetMenuItemID.USER32(?,00000000), ref: 001DC056
                                                                                                                                                                                                                                                                                                                                                                                        • GetMenuItemID.USER32(?,-00000001), ref: 001DC082
                                                                                                                                                                                                                                                                                                                                                                                        • GetMenuItemID.USER32(?,?), ref: 001DC0C9
                                                                                                                                                                                                                                                                                                                                                                                        • CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 001DC10F
                                                                                                                                                                                                                                                                                                                                                                                        • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 001DC124
                                                                                                                                                                                                                                                                                                                                                                                        • SetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 001DC145
                                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_170000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                        • API ID: ItemMenu$Info$CheckCountRadioSleep
                                                                                                                                                                                                                                                                                                                                                                                        • String ID: 0
                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 1460738036-4108050209
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 9a4a10afc063e4a7be51b4e5951a568b45055390683a2ceebc0eeecb90720658
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: bce0ddb9c4376533bb3d51f4be688c7525b3b6f3a17f642f7e334990cf6f4779
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 9a4a10afc063e4a7be51b4e5951a568b45055390683a2ceebc0eeecb90720658
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: ED6190B4900256EFDF25CF64DC88AEEBBB8EB05344F544656F811A3392C731AD44CBA0
                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                        • RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 001FCC64
                                                                                                                                                                                                                                                                                                                                                                                        • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,?,?,00000000), ref: 001FCC8D
                                                                                                                                                                                                                                                                                                                                                                                        • FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 001FCD48
                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 001FCC34: RegCloseKey.ADVAPI32(?,?,?,00000000), ref: 001FCCAA
                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 001FCC34: LoadLibraryA.KERNEL32(advapi32.dll,?,?,00000000), ref: 001FCCBD
                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 001FCC34: GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 001FCCCF
                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 001FCC34: FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 001FCD05
                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 001FCC34: RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 001FCD28
                                                                                                                                                                                                                                                                                                                                                                                        • RegDeleteKeyW.ADVAPI32(?,?), ref: 001FCCF3
                                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_170000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                        • API ID: Library$EnumFree$AddressCloseDeleteLoadOpenProc
                                                                                                                                                                                                                                                                                                                                                                                        • String ID: RegDeleteKeyExW$advapi32.dll
                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 2734957052-4033151799
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: b8cae3fbf26e30e6ff680b5c21d8774b660802de16223e384a35af39dc405aa6
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: d91520abcb2186fd24f06c0ab6a17f3cb353cd8a5e49a50c81f85280eb226512
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: b8cae3fbf26e30e6ff680b5c21d8774b660802de16223e384a35af39dc405aa6
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: A23160B190122DBBDB208B94DD8CEFFBB7CEF55750F100165AA05E2241D7349A45EAE0
                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                        • GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 001E3D40
                                                                                                                                                                                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 001E3D6D
                                                                                                                                                                                                                                                                                                                                                                                        • CreateDirectoryW.KERNEL32(?,00000000), ref: 001E3D9D
                                                                                                                                                                                                                                                                                                                                                                                        • CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000003,02200000,00000000), ref: 001E3DBE
                                                                                                                                                                                                                                                                                                                                                                                        • RemoveDirectoryW.KERNEL32(?), ref: 001E3DCE
                                                                                                                                                                                                                                                                                                                                                                                        • DeviceIoControl.KERNEL32(00000000,000900A4,?,?,00000000,00000000,?,00000000), ref: 001E3E55
• CloseHandle.KERNEL32(00000000), ref: 001E3E60
• CloseHandle.KERNEL32(00000000), ref: 001E3E6B
Strings
Memory Dump Source
• Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
• Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID: CloseCreateDirectoryHandle$ControlDeviceFileFullNamePathRemove_wcslen
• String ID: :$\$\??\%s
• API String ID: 1149970189-3457252023
APIs
• timeGetTime.WINMM ref: 001DE6B4
  • Part of subcall function 0018E551: timeGetTime.WINMM(?,?,001DE6D4), ref: 0018E555
• Sleep.KERNEL32(0000000A), ref: 001DE6E1
• EnumThreadWindows.USER32(?,Function_0006E665,00000000), ref: 001DE705
• FindWindowExW.USER32(00000000,00000000,BUTTON,00000000), ref: 001DE727
• SetActiveWindow.USER32 ref: 001DE746
• SendMessageW.USER32(00000000,000000F5,00000000,00000000), ref: 001DE754
• SendMessageW.USER32(00000010,00000000,00000000), ref: 001DE773
• Sleep.KERNEL32(000000FA), ref: 001DE77E
• IsWindow.USER32 ref: 001DE78A
• EndDialog.USER32(00000000), ref: 001DE79B
Strings
Similarity
• API ID: Window$MessageSendSleepTimetime$ActiveDialogEnumFindThreadWindows
• String ID: BUTTON
• API String ID: 1194449130-3405671355
APIs
  • Part of subcall function 00179CB3: _wcslen.LIBCMT ref: 00179CBD
• mciSendStringW.WINMM(status PlayMe mode,?,00000100,00000000), ref: 001DEA5D
• mciSendStringW.WINMM(close PlayMe,00000000,00000000,00000000), ref: 001DEA73
• mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 001DEA84
• mciSendStringW.WINMM(play PlayMe wait,00000000,00000000,00000000), ref: 001DEA96
• mciSendStringW.WINMM(play PlayMe,00000000,00000000,00000000), ref: 001DEAA7
Strings
Similarity
• API ID: SendString$_wcslen
• String ID: alias PlayMe$close PlayMe$open $play PlayMe$play PlayMe wait$status PlayMe mode
• API String ID: 2420728520-1007645807
APIs
• GetKeyboardState.USER32(?), ref: 001DA012
• SetKeyboardState.USER32(?), ref: 001DA07D
• GetAsyncKeyState.USER32(000000A0), ref: 001DA09D
• GetKeyState.USER32(000000A0), ref: 001DA0B4
• GetAsyncKeyState.USER32(000000A1), ref: 001DA0E3
• GetKeyState.USER32(000000A1), ref: 001DA0F4
• GetAsyncKeyState.USER32(00000011), ref: 001DA120
                                                                                                                                                                                                                                                                                                                                                                                        • GetKeyState.USER32(00000011), ref: 001DA12E
                                                                                                                                                                                                                                                                                                                                                                                        • GetAsyncKeyState.USER32(00000012), ref: 001DA157
                                                                                                                                                                                                                                                                                                                                                                                        • GetKeyState.USER32(00000012), ref: 001DA165
                                                                                                                                                                                                                                                                                                                                                                                        • GetAsyncKeyState.USER32(0000005B), ref: 001DA18E
                                                                                                                                                                                                                                                                                                                                                                                        • GetKeyState.USER32(0000005B), ref: 001DA19C
                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_170000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                        • API ID: State$Async$Keyboard
                                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 541375521-0
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: ea5b7a4733909ba181c2f46b302a7d1b463d96aabf8a4acfc3ff780dda4f4b41
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: fd3e54339eab53a5668b479738e27df59a1b6205b17c62822edc43ba693326bb
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ea5b7a4733909ba181c2f46b302a7d1b463d96aabf8a4acfc3ff780dda4f4b41
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: EC51D920A0478829FB35EB7488557EABFB59F12380F48859BD5C2573C3DB54AA4CC7A2
                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                        • GetDlgItem.USER32(?,00000001), ref: 001D5CE2
                                                                                                                                                                                                                                                                                                                                                                                        • GetWindowRect.USER32(00000000,?), ref: 001D5CFB
                                                                                                                                                                                                                                                                                                                                                                                        • MoveWindow.USER32(?,0000000A,00000004,?,?,00000004,00000000), ref: 001D5D59
                                                                                                                                                                                                                                                                                                                                                                                        • GetDlgItem.USER32(?,00000002), ref: 001D5D69
                                                                                                                                                                                                                                                                                                                                                                                        • GetWindowRect.USER32(00000000,?), ref: 001D5D7B
                                                                                                                                                                                                                                                                                                                                                                                        • MoveWindow.USER32(?,?,00000004,00000000,?,00000004,00000000), ref: 001D5DCF
                                                                                                                                                                                                                                                                                                                                                                                        • GetDlgItem.USER32(?,000003E9), ref: 001D5DDD
                                                                                                                                                                                                                                                                                                                                                                                        • GetWindowRect.USER32(00000000,?), ref: 001D5DEF
                                                                                                                                                                                                                                                                                                                                                                                        • MoveWindow.USER32(?,0000000A,00000000,?,00000004,00000000), ref: 001D5E31
                                                                                                                                                                                                                                                                                                                                                                                        • GetDlgItem.USER32(?,000003EA), ref: 001D5E44
                                                                                                                                                                                                                                                                                                                                                                                        • MoveWindow.USER32(00000000,0000000A,0000000A,?,-00000005,00000000), ref: 001D5E5A
                                                                                                                                                                                                                                                                                                                                                                                        • InvalidateRect.USER32(?,00000000,00000001), ref: 001D5E67
                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_170000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                        • API ID: Window$ItemMoveRect$Invalidate
                                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 3096461208-0
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: d56a31af3158de9f58066403d1dd0cf85cc43cdc16c1bdfa08959a12a476f6e3
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: ab8c97b66d4b0552161c2457cd437f5799b65262cf87f768c9eda9b5f7d2f0ca
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: d56a31af3158de9f58066403d1dd0cf85cc43cdc16c1bdfa08959a12a476f6e3
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: DA5104B1A00705AFDB14DF68DD89AAEBBBAFB48310F248229F515E7291D7709D00CB60
                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00188F62: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00188BE8,?,00000000,?,?,?,?,00188BBA,00000000,?), ref: 00188FC5
                                                                                                                                                                                                                                                                                                                                                                                        • DestroyWindow.USER32(?), ref: 00188C81
                                                                                                                                                                                                                                                                                                                                                                                        • KillTimer.USER32(00000000,?,?,?,?,00188BBA,00000000,?), ref: 00188D1B
                                                                                                                                                                                                                                                                                                                                                                                        • DestroyAcceleratorTable.USER32(00000000), ref: 001C6973
                                                                                                                                                                                                                                                                                                                                                                                        • ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,00000000,?,?,?,?,00188BBA,00000000,?), ref: 001C69A1
                                                                                                                                                                                                                                                                                                                                                                                        • ImageList_Destroy.COMCTL32(?,?,?,?,?,?,?,00000000,?,?,?,?,00188BBA,00000000,?), ref: 001C69B8
                                                                                                                                                                                                                                                                                                                                                                                        • ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,?,?,00000000,?,?,?,?,00188BBA,00000000), ref: 001C69D4
                                                                                                                                                                                                                                                                                                                                                                                        • DeleteObject.GDI32(00000000), ref: 001C69E6
                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
• Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
• Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID: Destroy$ImageList_$AcceleratorDeleteInvalidateKillObjectRectTableTimerWindow
• String ID:
• API String ID: 641708696-0
• Opcode ID: 8060bd8b8922c2f014f4bc5e581e319524aa3e827b2de687ca005f02fe404b65
• Instruction ID: dfbc54025a2b62643c6515f9479049cf9622b0565a9693ecad713538f2552d60
• Opcode Fuzzy Hash: 8060bd8b8922c2f014f4bc5e581e319524aa3e827b2de687ca005f02fe404b65
• Instruction Fuzzy Hash: 1A617A74502710DFDB26AF14E94CB65B7F1FB51316F54461CE0429B9A4CB71EAA0CFA0
APIs
  • Part of subcall function 00189944: GetWindowLongW.USER32(?,000000EB), ref: 00189952
• GetSysColor.USER32(0000000F), ref: 00189862
Memory Dump Source
• Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
• Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID: ColorLongWindow
• String ID:
• API String ID: 259745315-0
• Opcode ID: 8b2766a83c0814ee4a1657fedc9ab71d03204ad0087e96a5e5def11858e731ba
• Instruction ID: 48b4e57bc80494565be62e1c1f5e61ade2f80b25a42d042bd3fb7f3169d021f3
• Opcode Fuzzy Hash: 8b2766a83c0814ee4a1657fedc9ab71d03204ad0087e96a5e5def11858e731ba
• Instruction Fuzzy Hash: CE41A371104744AFDB206F38AC88BB93B65AB17334F284619F9A6872E2C7719E42DF10
APIs
• GetModuleHandleW.KERNEL32(00000000,?,00000FFF,00000001,00000000,?,?,001BF7F8,00000001,0000138C,00000001,?,00000001,00000000,?,?), ref: 001D9717
• LoadStringW.USER32(00000000,?,001BF7F8,00000001), ref: 001D9720
  • Part of subcall function 00179CB3: _wcslen.LIBCMT ref: 00179CBD
• GetModuleHandleW.KERNEL32(00000000,00000001,?,00000FFF,?,?,001BF7F8,00000001,0000138C,00000001,?,00000001,00000000,?,?,00000000), ref: 001D9742
• LoadStringW.USER32(00000000,?,001BF7F8,00000001), ref: 001D9745
• MessageBoxW.USER32(00000000,00000000,?,00011010), ref: 001D9866
Strings
Memory Dump Source
• Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
• Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID: HandleLoadModuleString$Message_wcslen
• String ID: Error: $%s (%d) : ==> %s: %s %s$Line %d (File "%s"):$Line %d:$^ ERROR
• API String ID: 747408836-2268648507
• Opcode ID: b503097d81d50bb26ce17f85186755120d1f587964657b562b94d27b1546bf05
• Instruction ID: 8033612dfa7bf55a980ad696ad351c4c423a2bea707dd39c475ff3a0c5351d47
• Opcode Fuzzy Hash: b503097d81d50bb26ce17f85186755120d1f587964657b562b94d27b1546bf05
• Instruction Fuzzy Hash: BA416D72800209AACF14FBE0DD86DEEB77CAF25340F608165F60972192EB356F48DB61
APIs
  • Part of subcall function 00176B57: _wcslen.LIBCMT ref: 00176B6A
• WNetAddConnection2W.MPR(?,?,?,00000000), ref: 001D07A2
• RegConnectRegistryW.ADVAPI32(?,80000002,?), ref: 001D07BE
• RegOpenKeyExW.ADVAPI32(?,?,00000000,00020019,?,?,SOFTWARE\Classes\), ref: 001D07DA
• RegQueryValueExW.ADVAPI32(?,00000000,00000000,00000000,?,?,?,SOFTWARE\Classes\), ref: 001D0804
• CLSIDFromString.OLE32(?,000001FE,?,SOFTWARE\Classes\), ref: 001D082C
• RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 001D0837
• RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 001D083C
Strings
Memory Dump Source
• Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
• Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID: Close$ConnectConnection2FromOpenQueryRegistryStringValue_wcslen
                                                                                                                                                                                                                                                                                                                                                                                        • String ID: SOFTWARE\Classes\$\CLSID$\IPC$
                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 323675364-22481851
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 836545b4dfcb4fc0693f75d7113eb2bb00d304383720b7bb5cf52c8f0b06ef96
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 2c8531d0af753ea143cd3b816e2a69caa49ae72df07ae6337436111e412f0144
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 836545b4dfcb4fc0693f75d7113eb2bb00d304383720b7bb5cf52c8f0b06ef96
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F8410A72C10229ABDF15EBA4DC85DEDB778FF58350F548129E915A72A1EB305E04CB90
                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                        • VariantInit.OLEAUT32(?), ref: 001F3C5C
                                                                                                                                                                                                                                                                                                                                                                                        • CoInitialize.OLE32(00000000), ref: 001F3C8A
                                                                                                                                                                                                                                                                                                                                                                                        • CoUninitialize.OLE32 ref: 001F3C94
                                                                                                                                                                                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 001F3D2D
                                                                                                                                                                                                                                                                                                                                                                                        • GetRunningObjectTable.OLE32(00000000,?), ref: 001F3DB1
                                                                                                                                                                                                                                                                                                                                                                                        • SetErrorMode.KERNEL32(00000001,00000029), ref: 001F3ED5
                                                                                                                                                                                                                                                                                                                                                                                        • CoGetInstanceFromFile.OLE32(00000000,?,00000000,00000015,00000002,?,00000001,?), ref: 001F3F0E
                                                                                                                                                                                                                                                                                                                                                                                        • CoGetObject.OLE32(?,00000000,0020FB98,?), ref: 001F3F2D
                                                                                                                                                                                                                                                                                                                                                                                        • SetErrorMode.KERNEL32(00000000), ref: 001F3F40
                                                                                                                                                                                                                                                                                                                                                                                        • SetErrorMode.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 001F3FC4
                                                                                                                                                                                                                                                                                                                                                                                        • VariantClear.OLEAUT32(?), ref: 001F3FD8
                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_170000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                        • API ID: ErrorMode$ObjectVariant$ClearFileFromInitInitializeInstanceRunningTableUninitialize_wcslen
                                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 429561992-0
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: b03ac51bae7a9ce5de316c77f242da63f8d77bfb473bc32fadcdecfe76339ec8
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 0286e0f55f3451eadff408536309036710c3c2faea74b6c3e3cc76e900d89be5
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: b03ac51bae7a9ce5de316c77f242da63f8d77bfb473bc32fadcdecfe76339ec8
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: A3C136B16083099FD700DF68C88492BB7E9FF89748F14491DFA9A9B251D731EE06CB52
                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                        • CoInitialize.OLE32(00000000), ref: 001E7AF3
                                                                                                                                                                                                                                                                                                                                                                                        • SHGetSpecialFolderLocation.SHELL32(00000000,00000000,?), ref: 001E7B8F
                                                                                                                                                                                                                                                                                                                                                                                        • SHGetDesktopFolder.SHELL32(?), ref: 001E7BA3
                                                                                                                                                                                                                                                                                                                                                                                        • CoCreateInstance.OLE32(0020FD08,00000000,00000001,00236E6C,?), ref: 001E7BEF
                                                                                                                                                                                                                                                                                                                                                                                        • SHCreateShellItem.SHELL32(00000000,00000000,?,00000003), ref: 001E7C74
                                                                                                                                                                                                                                                                                                                                                                                        • CoTaskMemFree.OLE32(?,?), ref: 001E7CCC
                                                                                                                                                                                                                                                                                                                                                                                        • SHBrowseForFolderW.SHELL32(?), ref: 001E7D57
                                                                                                                                                                                                                                                                                                                                                                                        • SHGetPathFromIDListW.SHELL32(00000000,?), ref: 001E7D7A
                                                                                                                                                                                                                                                                                                                                                                                        • CoTaskMemFree.OLE32(00000000), ref: 001E7D81
                                                                                                                                                                                                                                                                                                                                                                                        • CoTaskMemFree.OLE32(00000000), ref: 001E7DD6
                                                                                                                                                                                                                                                                                                                                                                                        • CoUninitialize.OLE32 ref: 001E7DDC
                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_170000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                        • API ID: FolderFreeTask$Create$BrowseDesktopFromInitializeInstanceItemListLocationPathShellSpecialUninitialize
                                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 2762341140-0
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 7bea602d924f7a230ca3f0327871014c9c689ad3b634a81fdf8a08ad6cb2d2dc
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: adadb7f534b05f5f072db425230e3ad3c61d41309a7fde6781b725798ec170f0
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7bea602d924f7a230ca3f0327871014c9c689ad3b634a81fdf8a08ad6cb2d2dc
• Instruction Fuzzy Hash: F9C15C74A04609AFDB14DFA4C888DAEBBF9FF48304B148198E409DB261D730EE41CB90
APIs
• SendMessageW.USER32(?,00000158,000000FF,00000158), ref: 00205504
• SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00205515
• CharNextW.USER32(00000158), ref: 00205544
• SendMessageW.USER32(?,0000014B,00000000,00000000), ref: 00205585
• SendMessageW.USER32(?,00000158,000000FF,0000014E), ref: 0020559B
• SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 002055AC
Memory Dump Source
• Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
• Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID: MessageSend$CharNext
• String ID:
• API String ID: 1350042424-0
• Opcode ID: 6c60dd76169fffe6ac9535bbb23b3adb2d8535d2dcba19fcffaf808c10e49a61
• Instruction ID: a2afdd8277381db9472a56fdec94594c78697e755c8e0ebe668a4e5b75a20446
• Opcode Fuzzy Hash: 6c60dd76169fffe6ac9535bbb23b3adb2d8535d2dcba19fcffaf808c10e49a61
• Instruction Fuzzy Hash: 88618D74920729ABDF108F54DC88DFF7BB9EB05320F104145F925A62D2D7749AA1DF60
APIs
• SafeArrayAllocDescriptorEx.OLEAUT32(0000000C,?,?), ref: 001CFAAF
• SafeArrayAllocData.OLEAUT32(?), ref: 001CFB08
• VariantInit.OLEAUT32(?), ref: 001CFB1A
• SafeArrayAccessData.OLEAUT32(?,?), ref: 001CFB3A
• VariantCopy.OLEAUT32(?,?), ref: 001CFB8D
• SafeArrayUnaccessData.OLEAUT32(?), ref: 001CFBA1
• VariantClear.OLEAUT32(?), ref: 001CFBB6
• SafeArrayDestroyData.OLEAUT32(?), ref: 001CFBC3
• SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 001CFBCC
• VariantClear.OLEAUT32(?), ref: 001CFBDE
• SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 001CFBE9
Memory Dump Source
• Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
• Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID: ArraySafe$DataVariant$DescriptorDestroy$AllocClear$AccessCopyInitUnaccess
• String ID:
• API String ID: 2706829360-0
• Opcode ID: fc1b9c04c7d94c3bc3871ba6022b87f90816caa0df79826a32fcf14ff5c4fea4
• Instruction ID: ebdef8c02715f14caf98b6bc57282c704a7bd627aef455c4fd6c24e263a7f4b8
• Opcode Fuzzy Hash: fc1b9c04c7d94c3bc3871ba6022b87f90816caa0df79826a32fcf14ff5c4fea4
• Instruction Fuzzy Hash: DD413075A002199FCB04DF64D858EEDBBB9FF58344F10816DE945A7262C730EE46CB90
APIs
• GetKeyboardState.USER32(?), ref: 001D9CA1
• GetAsyncKeyState.USER32(000000A0), ref: 001D9D22
• GetKeyState.USER32(000000A0), ref: 001D9D3D
• GetAsyncKeyState.USER32(000000A1), ref: 001D9D57
• GetKeyState.USER32(000000A1), ref: 001D9D6C
• GetAsyncKeyState.USER32(00000011), ref: 001D9D84
• GetKeyState.USER32(00000011), ref: 001D9D96
• GetAsyncKeyState.USER32(00000012), ref: 001D9DAE
• GetKeyState.USER32(00000012), ref: 001D9DC0
• GetAsyncKeyState.USER32(0000005B), ref: 001D9DD8
• GetKeyState.USER32(0000005B), ref: 001D9DEA
Memory Dump Source
• Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
• Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID: State$Async$Keyboard
• String ID:
• API String ID: 541375521-0
• Opcode ID: e8b076a89b4bb845d73318502874f9a285038337716e55d50b781bfbfe782fd5
• Instruction ID: 734d5d6058ff2815acd52e52b9bb6a23e1b9cf59240056421e863a3950193aaf
• Opcode Fuzzy Hash: e8b076a89b4bb845d73318502874f9a285038337716e55d50b781bfbfe782fd5
• Instruction Fuzzy Hash: 66410A74504BC96DFF3097A4C8043B6BEE1AF11344F44805BDAC65B7C2EBA5A9C8C7A2
APIs
• WSAStartup.WSOCK32(00000101,?), ref: 001F05BC
• inet_addr.WSOCK32(?), ref: 001F061C
• gethostbyname.WSOCK32(?), ref: 001F0628
• IcmpCreateFile.IPHLPAPI ref: 001F0636
• IcmpSendEcho.IPHLPAPI(?,?,?,00000005,00000000,?,00000029,00000FA0), ref: 001F06C6
• IcmpSendEcho.IPHLPAPI(00000000,00000000,?,00000005,00000000,?,00000029,00000FA0), ref: 001F06E5
• IcmpCloseHandle.IPHLPAPI(?), ref: 001F07B9
• WSACleanup.WSOCK32 ref: 001F07BF
Strings
Memory Dump Source
• Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
• Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID: Icmp$EchoSend$CleanupCloseCreateFileHandleStartupgethostbynameinet_addr
• String ID: Ping
• API String ID: 1028309954-2246546115
• Opcode ID: b31e34672b810390f19519d816f9e57ce23be701e05964e5c998f8f6d8d2d1b8
• Instruction ID: 521589b5a1ffa2693282537d5a5a8c720f60926ace0cc219a6a45de1d23fd1c8
• Opcode Fuzzy Hash: b31e34672b810390f19519d816f9e57ce23be701e05964e5c998f8f6d8d2d1b8
• Instruction Fuzzy Hash: 7591AF746083019FD721DF15D888F2ABBE0AF48318F1586A9F5A98B6A3C770ED41CF91
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true (same associated dumps and Joe Sandbox IDA Plugin snapshot hcaresult_0_2_170000_file.jbxd as the entry above)
Similarity
• API ID: _wcslen$BuffCharLower
• String ID: cdecl$none$stdcall$winapi
• API String ID: 707087890-567219261
• Opcode ID: 959334245fc98c62c6f80c0cc1410274732103c0ffec7c190bcdd5b2abf85067
• Instruction ID: bd942c06a7236f151d0b5059f8fe48ac2c17bbb6c8fab36f8bba444262279d3d
• Opcode Fuzzy Hash: 959334245fc98c62c6f80c0cc1410274732103c0ffec7c190bcdd5b2abf85067
• Instruction Fuzzy Hash: 0051B272A0051A9BCF24DFACC9518BEB7A5BF74324B214229E626E72C5DF30DD41C790
APIs
• CoInitialize.OLE32 ref: 001F3774
• CoUninitialize.OLE32 ref: 001F377F
• CoCreateInstance.OLE32(?,00000000,00000017,0020FB78,?), ref: 001F37D9
• IIDFromString.OLE32(?,?), ref: 001F384C
• VariantInit.OLEAUT32(?), ref: 001F38E4
• VariantClear.OLEAUT32(?), ref: 001F3936
Strings
Memory Dump Source
• Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true (same associated dumps and Joe Sandbox IDA Plugin snapshot hcaresult_0_2_170000_file.jbxd as the entries above)
Similarity
• API ID: Variant$ClearCreateFromInitInitializeInstanceStringUninitialize
• String ID: Failed to create object$Invalid parameter$NULL Pointer assignment
• API String ID: 636576611-1287834457
• Opcode ID: 37169320f417df2f6ef5bb3567c7bc85172628f3405cb8a7ea88dd6881e1658b
• Instruction ID: ede2d0a71b05800e4e7de2b24ae6002061c72db33adae86cd7002238683550bb
• Opcode Fuzzy Hash: 37169320f417df2f6ef5bb3567c7bc85172628f3405cb8a7ea88dd6881e1658b
• Instruction Fuzzy Hash: 4161E0B0208305AFD311EF54D888F6AB7E8EF49740F104A09FA959B291C770EE48CB92
                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                        • LoadStringW.USER32(00000066,?,00000FFF,?), ref: 001E33CF
                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00179CB3: _wcslen.LIBCMT ref: 00179CBD
                                                                                                                                                                                                                                                                                                                                                                                        • LoadStringW.USER32(00000072,?,00000FFF,?), ref: 001E33F0
                                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_170000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                        • API ID: LoadString$_wcslen
                                                                                                                                                                                                                                                                                                                                                                                        • String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Incorrect parameters to object property !$Line %d (File "%s"):$^ ERROR
                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 4099089115-3080491070
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 27b6377370590c5e02405eebfd90e1665947b81b9c6b006ffb20216e8089fa72
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 0cb38abac47d58780b91f60d3cae96962e8d93d26321b52a4ef79f5d62d74152
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 27b6377370590c5e02405eebfd90e1665947b81b9c6b006ffb20216e8089fa72
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: EA51D171D00609BADF15EBA0DD4AEEEB778AF25300F208065F11973192EB312F68DB61
                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_170000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                        • API ID: _wcslen$BuffCharUpper
                                                                                                                                                                                                                                                                                                                                                                                        • String ID: APPEND$EXISTS$KEYS$REMOVE
                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 1256254125-769500911
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 98d248d4419c73e899da0b121f904593877680546cee7fc0c62794db37b83e73
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 48bab2a46f151258f65831de77aaa3a1702d4b1bcc7f00be1ce62c66ae7d65e0
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 98d248d4419c73e899da0b121f904593877680546cee7fc0c62794db37b83e73
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6241E832A08026DBCB105F7D88D05BEB7A5EFA4754B66422BE422D7384E735CD81C790
                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                        • SetErrorMode.KERNEL32(00000001), ref: 001E53A0
                                                                                                                                                                                                                                                                                                                                                                                        • GetDiskFreeSpaceW.KERNEL32(?,?,?,?,?,00000002,00000001), ref: 001E5416
                                                                                                                                                                                                                                                                                                                                                                                        • GetLastError.KERNEL32 ref: 001E5420
                                                                                                                                                                                                                                                                                                                                                                                        • SetErrorMode.KERNEL32(00000000,READY), ref: 001E54A7
                                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_170000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                        • API ID: Error$Mode$DiskFreeLastSpace
                                                                                                                                                                                                                                                                                                                                                                                        • String ID: INVALID$NOTREADY$READONLY$READY$UNKNOWN
                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 4194297153-14809454
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 839c60b152e060d53598135fd0b38269bf3351059fe1542047f89174d2b3a932
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: a69a87a2c1bfff965ae17eea8666c92ebfea085a2b3d3ce4c5546a9e7c982317
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 839c60b152e060d53598135fd0b38269bf3351059fe1542047f89174d2b3a932
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0531D075A00A44DFC710DF69D488AAEBBF9EF14309F148065E405CB292E770ED86CBA0
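The function entries in this report all follow one fixed shape (APIs, Strings, Memory Dump Source, Joe Sandbox IDA Plugin, Similarity with its ID and fuzzy-hash fields). As an added example that is not part of the report and not Joe Sandbox's own tooling, the following Python parses that shape into records so the entries can be queried offline: listing each function's direct API calls and subcalls, checking that an entry's Opcode ID and Opcode Fuzzy Hash agree (they do for every entry shown here), and finding every function whose direct calls contain a given ordered API chain, which is how a practitioner would cross-check a signature such as the SetErrorMode / GetDiskFreeSpaceW / GetLastError drive-probing sequence above. SAMPLE is constructed from two of the entries on this page with the page widgets removed; all function and class names are assumptions of this example.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample: two function records copied from the report text above
# (whitespace and page widgets stripped). Real reports carry hundreds of these.
SAMPLE = """\
APIs
• SetErrorMode.KERNEL32(00000001), ref: 001E53A0
• GetDiskFreeSpaceW.KERNEL32(?,?,?,?,?,00000002,00000001), ref: 001E5416
• GetLastError.KERNEL32 ref: 001E5420
• SetErrorMode.KERNEL32(00000000,READY), ref: 001E54A7
Strings
Memory Dump Source
• Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID: Error$Mode$DiskFreeLastSpace
• String ID: INVALID$NOTREADY$READONLY$READY$UNKNOWN
• API String ID: 4194297153-14809454
• Opcode ID: 839c60b152e060d53598135fd0b38269bf3351059fe1542047f89174d2b3a932
• Instruction ID: a69a87a2c1bfff965ae17eea8666c92ebfea085a2b3d3ce4c5546a9e7c982317
• Opcode Fuzzy Hash: 839c60b152e060d53598135fd0b38269bf3351059fe1542047f89174d2b3a932
• Instruction Fuzzy Hash: 0531D075A00A44DFC710DF69D488AAEBBF9EF14309F148065E405CB292E770ED86CBA0
APIs
• LoadStringW.USER32(00000066,?,00000FFF,?), ref: 001E33CF
  • Part of subcall function 00179CB3: _wcslen.LIBCMT ref: 00179CBD
• LoadStringW.USER32(00000072,?,00000FFF,?), ref: 001E33F0
Strings
Similarity
• API ID: LoadString$_wcslen
• String ID: Error: $"%s" (%d) : ==> %s:
• Opcode ID: 27b6377370590c5e02405eebfd90e1665947b81b9c6b006ffb20216e8089fa72
• Instruction Fuzzy Hash: EA51D171D00609BADF15EBA0DD4AEEEB778AF25300F208065F11973192EB312F68DB61
"""

HEADERS = {"APIs", "Strings", "Memory Dump Source", "Joe Sandbox IDA Plugin", "Similarity"}

# "Func.MODULE(args), ref: ADDR" or "Func.MODULE ref: ADDR"
API_RE = re.compile(
    r"^(?P<func>\w+)\.(?P<mod>\w+)(?:\((?P<args>.*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)$")
# "Part of subcall function ADDR: Func.MODULE ref: ADDR"
SUBCALL_RE = re.compile(
    r"Part of subcall function (?P<callee>[0-9A-Fa-f]+):\s*(?P<func>\w+)\.(?P<mod>\w+)\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)")


@dataclass
class ApiCall:
    func: str
    module: str
    ref: str                      # address of the call site (hex string)
    args: Optional[str] = None    # raw argument list, None when not shown
    callee: Optional[str] = None  # set when the call lives inside a subcall


@dataclass
class Record:
    apis: List[ApiCall] = field(default_factory=list)
    subcalls: List[ApiCall] = field(default_factory=list)
    strings: List[str] = field(default_factory=list)
    associated: List[str] = field(default_factory=list)
    fields: Dict[str, str] = field(default_factory=dict)  # Similarity / dump keys


def parse_records(text):
    """Split report text into one Record per 'APIs' header."""
    records, section, cur = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line in HEADERS:
            if line == "APIs":            # every entry starts with its APIs section
                cur = Record()
                records.append(cur)
            section = line
            continue
        if cur is None or not line.startswith("•"):
            continue
        item = line[1:].strip()
        m = SUBCALL_RE.search(item)
        if m:
            cur.subcalls.append(ApiCall(m["func"], m["mod"], m["ref"], callee=m["callee"]))
        elif section == "APIs":
            m = API_RE.match(item)
            if m:
                cur.apis.append(ApiCall(m["func"], m["mod"], m["ref"], m["args"]))
        elif section == "Strings":
            cur.strings.append(item)
        else:                             # key/value bullets; split on the first ": " only,
            key, _, value = item.partition(": ")   # values such as String ID contain colons
            if key == "Associated":
                cur.associated.append(value)
            else:
                cur.fields[key] = value
    return records


def hash_consistent(rec):
    """True when Opcode ID and Opcode Fuzzy Hash agree, None when either is missing."""
    a, b = rec.fields.get("Opcode ID"), rec.fields.get("Opcode Fuzzy Hash")
    if a is None or b is None:
        return None
    return a == b


def find_chain(records, chain):
    """Indices of records whose direct API calls contain `chain` as an ordered subsequence."""
    hits = []
    for i, rec in enumerate(records):
        pos = 0
        for call in rec.apis:
            if pos < len(chain) and call.func == chain[pos]:
                pos += 1
        if pos == len(chain):
            hits.append(i)
    return hits


def index_by_api(records):
    """Map API name -> sorted record indices that call it directly."""
    idx = {}
    for i, rec in enumerate(records):
        for call in rec.apis:
            idx.setdefault(call.func, set()).add(i)
    return {k: sorted(v) for k, v in idx.items()}


if __name__ == "__main__":
    recs = parse_records(SAMPLE)
    for i, r in enumerate(recs):
        print(i, [c.func for c in r.apis], r.fields.get("String ID"), hash_consistent(r))
    print(find_chain(recs, ["SetErrorMode", "GetDiskFreeSpaceW", "GetLastError"]))
```

Feed it the whole report text instead of SAMPLE to query every entry; `find_chain` matches direct calls only, so a chain that runs through a subcall (the `_wcslen` under `LoadStringW` above) must be looked up via `Record.subcalls`.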
                                                                                                                                                                                                                                                                                                                                                                                        APIs
• CreateMenu.USER32 ref: 00203C79
• SetMenu.USER32(?,00000000), ref: 00203C88
• GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00203D10
• IsMenu.USER32(?), ref: 00203D24
• CreatePopupMenu.USER32 ref: 00203D2E
• InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 00203D5B
• DrawMenuBar.USER32 ref: 00203D63
Strings
Memory Dump Source
• Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
• Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID: Menu$CreateItem$DrawInfoInsertPopup
• String ID: 0$F
• API String ID: 161812096-3044882817
• Opcode ID: 9abaa385cdacba33ec179fd1edd5c1ee9480271aac23a93702f9c04238c51b59
• Instruction ID: b4af2a5fc10dc9167d2d2bd650163e042169407dba6618381f5106b50a823e0c
• Opcode Fuzzy Hash: 9abaa385cdacba33ec179fd1edd5c1ee9480271aac23a93702f9c04238c51b59
• Instruction Fuzzy Hash: 09417FB9611306EFDB14CF54E848A9A7BB9FF49350F140129F946A73A1D770AA20DF50
APIs
  • Part of subcall function 00179CB3: _wcslen.LIBCMT ref: 00179CBD
  • Part of subcall function 001D3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 001D3CCA
• SendMessageW.USER32(?,0000018C,000000FF,00020000), ref: 001D1F64
• GetDlgCtrlID.USER32 ref: 001D1F6F
• GetParent.USER32 ref: 001D1F8B
• SendMessageW.USER32(00000000,?,00000111,?), ref: 001D1F8E
• GetDlgCtrlID.USER32(?), ref: 001D1F97
• GetParent.USER32(?), ref: 001D1FAB
• SendMessageW.USER32(00000000,?,00000111,?), ref: 001D1FAE
Strings
Similarity
• API ID: MessageSend$CtrlParent$ClassName_wcslen
• String ID: ComboBox$ListBox
• API String ID: 711023334-1403004172
• Opcode ID: 4fc5f14fd64eb2ad02cd9db49a197b68d75d5b3c1c1356cad74e5859a24f1264
• Instruction ID: 31922dacdc429ee6e737a58adb19ff3d7393570fbbce2e8d2cfaf29df03b0132
• Opcode Fuzzy Hash: 4fc5f14fd64eb2ad02cd9db49a197b68d75d5b3c1c1356cad74e5859a24f1264
• Instruction Fuzzy Hash: 0921D4B0A00214BBCF19AFA0DC85DEEBBB8EF55310F104216F965A7292CB355919DB60
APIs
• SendMessageW.USER32(?,0000101F,00000000,00000000), ref: 00203A9D
• SendMessageW.USER32(00000000,?,0000101F,00000000), ref: 00203AA0
• GetWindowLongW.USER32(?,000000F0), ref: 00203AC7
• SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00203AEA
• SendMessageW.USER32(?,0000104D,00000000,00000007), ref: 00203B62
• SendMessageW.USER32(?,00001074,00000000,00000007), ref: 00203BAC
• SendMessageW.USER32(?,00001057,00000000,00000000), ref: 00203BC7
• SendMessageW.USER32(?,0000101D,00001004,00000000), ref: 00203BE2
• SendMessageW.USER32(?,0000101E,00001004,00000000), ref: 00203BF6
• SendMessageW.USER32(?,00001008,00000000,00000007), ref: 00203C13
Similarity
• API ID: MessageSend$LongWindow
• String ID:
• API String ID: 312131281-0
• Opcode ID: 54c97949d3f0a6a03ae2d43f9fd1a7f96d4cfdae748de6c670889e2963308ed8
• Instruction ID: 13416c1678561bbd96e95726bf9a16f890bd800fafb59013df24ff2b8f84c218
• Opcode Fuzzy Hash: 54c97949d3f0a6a03ae2d43f9fd1a7f96d4cfdae748de6c670889e2963308ed8
• Instruction Fuzzy Hash: 18618C75900208AFDB10DF68CC81EEE77B8EB49704F10019AFA15E72E2D770AE91DB50
APIs
• GetCurrentThreadId.KERNEL32 ref: 001DB151
                                                                                                                                                                                                                                                                                                                                                                                        • GetForegroundWindow.USER32(00000000,?,?,?,?,?,001DA1E1,?,00000001), ref: 001DB165
                                                                                                                                                                                                                                                                                                                                                                                        • GetWindowThreadProcessId.USER32(00000000), ref: 001DB16C
                                                                                                                                                                                                                                                                                                                                                                                        • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,001DA1E1,?,00000001), ref: 001DB17B
                                                                                                                                                                                                                                                                                                                                                                                        • GetWindowThreadProcessId.USER32(?,00000000), ref: 001DB18D
                                                                                                                                                                                                                                                                                                                                                                                        • AttachThreadInput.USER32(?,00000000,00000001,?,?,?,?,?,001DA1E1,?,00000001), ref: 001DB1A6
                                                                                                                                                                                                                                                                                                                                                                                        • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,001DA1E1,?,00000001), ref: 001DB1B8
                                                                                                                                                                                                                                                                                                                                                                                        • AttachThreadInput.USER32(00000000,00000000,?,?,?,?,?,001DA1E1,?,00000001), ref: 001DB1FD
                                                                                                                                                                                                                                                                                                                                                                                        • AttachThreadInput.USER32(?,?,00000000,?,?,?,?,?,001DA1E1,?,00000001), ref: 001DB212
                                                                                                                                                                                                                                                                                                                                                                                        • AttachThreadInput.USER32(00000000,?,00000000,?,?,?,?,?,001DA1E1,?,00000001), ref: 001DB21D
                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
• Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID: Thread$AttachInput$Window$Process$CurrentForeground
• String ID:
• API String ID: 2156557900-0
• Opcode ID: 6d92dfc34cd626990efba23a7562694a0b124f80d6cad36a13b97b6905840fb9
• Instruction ID: 7c8cbc7886f500e39492fc6385b474672f704bed595381e9a67fc512af99c96e
• Opcode Fuzzy Hash: 6d92dfc34cd626990efba23a7562694a0b124f80d6cad36a13b97b6905840fb9
• Instruction Fuzzy Hash: 8F3180BA504204EFDB20DF24FCCCB6D7BB9AB52355F214216FA06D6291D7B4A9408F60
APIs
• _free.LIBCMT ref: 001A2C94
  • Part of subcall function 001A29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,001AD7D1,00000000,00000000,00000000,00000000,?,001AD7F8,00000000,00000007,00000000,?,001ADBF5,00000000), ref: 001A29DE
  • Part of subcall function 001A29C8: GetLastError.KERNEL32(00000000,?,001AD7D1,00000000,00000000,00000000,00000000,?,001AD7F8,00000000,00000007,00000000,?,001ADBF5,00000000,00000000), ref: 001A29F0
• _free.LIBCMT ref: 001A2CA0
• _free.LIBCMT ref: 001A2CAB
• _free.LIBCMT ref: 001A2CB6
• _free.LIBCMT ref: 001A2CC1
• _free.LIBCMT ref: 001A2CCC
• _free.LIBCMT ref: 001A2CD7
• _free.LIBCMT ref: 001A2CE2
• _free.LIBCMT ref: 001A2CED
• _free.LIBCMT ref: 001A2CFB
Memory Dump Source
• Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
• Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID: _free$ErrorFreeHeapLast
• String ID:
• API String ID: 776569668-0
• Opcode ID: 072b2ba1a88231a8fbe2310b8eae45f1b617764bf5ac32e30e4aba13f37a7277
• Instruction ID: db9bb5ae162f5d728e6c4af8ab7083b21a499ef4a223cff2f5c94c29c8488a57
• Opcode Fuzzy Hash: 072b2ba1a88231a8fbe2310b8eae45f1b617764bf5ac32e30e4aba13f37a7277
• Instruction Fuzzy Hash: 4611B97A100118BFCB42EF58D842CEE3BA5FF16754F4144A5FA489F222D731EE509B91
APIs
• GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 001E7FAD
• SetCurrentDirectoryW.KERNEL32(?), ref: 001E7FC1
• GetFileAttributesW.KERNEL32(?), ref: 001E7FEB
• SetFileAttributesW.KERNEL32(?,00000000), ref: 001E8005
• SetCurrentDirectoryW.KERNEL32(?), ref: 001E8017
• SetCurrentDirectoryW.KERNEL32(?), ref: 001E8060
• SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 001E80B0
Strings
Memory Dump Source
• Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
• Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_170000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                        • API ID: CurrentDirectory$AttributesFile
                                                                                                                                                                                                                                                                                                                                                                                        • String ID: *.*
                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 769691225-438819550
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: e8eefaed0ba66fa3c1a84e25af557bb9ec1ae823966be974e3a6fc9950937536
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 34a8da9e99840ca0708b102b2480cfbb29cfe523e7976d221e2b874e8a51c622
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e8eefaed0ba66fa3c1a84e25af557bb9ec1ae823966be974e3a6fc9950937536
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: BA81C0725087819BDB24EF16C8449AEB3E8BF99310F144C5EF889D7291EB34DD49CB92
                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                        • SetWindowLongW.USER32(?,000000EB), ref: 00175C7A
                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00175D0A: GetClientRect.USER32(?,?), ref: 00175D30
                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00175D0A: GetWindowRect.USER32(?,?), ref: 00175D71
                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00175D0A: ScreenToClient.USER32(?,?), ref: 00175D99
                                                                                                                                                                                                                                                                                                                                                                                        • GetDC.USER32 ref: 001B46F5
                                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00000031,00000000,00000000), ref: 001B4708
                                                                                                                                                                                                                                                                                                                                                                                        • SelectObject.GDI32(00000000,00000000), ref: 001B4716
                                                                                                                                                                                                                                                                                                                                                                                        • SelectObject.GDI32(00000000,00000000), ref: 001B472B
                                                                                                                                                                                                                                                                                                                                                                                        • ReleaseDC.USER32(?,00000000), ref: 001B4733
                                                                                                                                                                                                                                                                                                                                                                                        • MoveWindow.USER32(?,?,?,?,?,?,?,00000031,00000000,00000000), ref: 001B47C4
                                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_170000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                        • API ID: Window$ClientObjectRectSelect$LongMessageMoveReleaseScreenSend
                                                                                                                                                                                                                                                                                                                                                                                        • String ID: U
                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 4009187628-3372436214
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 539d512b2c7d3f87b026cb93878aa29653bfa0285c997fa833e06852a646c71d
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 846395b535677321b179f0cf5cb89797f7bb0604b08a83eb4c8c114cc39c2165
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 539d512b2c7d3f87b026cb93878aa29653bfa0285c997fa833e06852a646c71d
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: EC71F234400205DFCF25CF64C985AFA7BB6FF4A360F248269ED559A1A7C7319851DF50
                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                        • LoadStringW.USER32(00000066,?,00000FFF,00000000), ref: 001E35E4
                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00179CB3: _wcslen.LIBCMT ref: 00179CBD
                                                                                                                                                                                                                                                                                                                                                                                        • LoadStringW.USER32(00242390,?,00000FFF,?), ref: 001E360A
                                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_170000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                        • API ID: LoadString$_wcslen
                                                                                                                                                                                                                                                                                                                                                                                        • String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Line %d (File "%s"):$^ ERROR
                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 4099089115-2391861430
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: e006dcb2cd8d57c8c34e25ddf74af9245da221de036a7b7c475e1de716f2f166
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 579864fc795312c2d2a5b2ecb982bef8eb35505d42e7a76087aa53582f3ff491
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e006dcb2cd8d57c8c34e25ddf74af9245da221de036a7b7c475e1de716f2f166
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 13519F71C00649BBCF15EBA1DC46EEEBB78AF25300F148165F119721A2EB311B99DF61
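The function records in this section (and the WinINet chain InternetOpenUrlW / HttpSendRequestW / HttpQueryInfoW listed in the record that follows) are easier to triage by machine than by eye: each record is a call list plus identifiers. The following Python parser is an added example, not part of the Joe Sandbox report or its tooling. It reads records in the text layout used on this page, keeps each call with its module, arguments, call-site address and subcall origin, and flags any function whose direct calls cover a given API set. The sample input is copied from this page's LoadString and WinINet records; the function names, the `HTTP_CHAIN` set and the record layout assumptions are the example's own.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample input: two function records copied from this report's
# function-analysis section (LoadString and WinINet), trimmed to the fields
# the parser reads. Layout assumed: "APIs" opens a record, the other section
# headers ("Strings", "Memory Dump Source", ...) switch sections within it.
SAMPLE_RECORDS = """\
APIs
• LoadStringW.USER32(00000066,?,00000FFF,00000000), ref: 001E35E4
  • Part of subcall function 00179CB3: _wcslen.LIBCMT ref: 00179CBD
• LoadStringW.USER32(00242390,?,00000FFF,?), ref: 001E360A
Strings
Memory Dump Source
• Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
Similarity
• API ID: LoadString$_wcslen
• Instruction Fuzzy Hash: 13519F71C00649BBCF15EBA1DC46EEEBB78AF25300F148165F119721A2EB311B99DF61
APIs
• InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 001EC272
• HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 001EC29A
• HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 001EC2CA
• GetLastError.KERNEL32 ref: 001EC322
• SetEvent.KERNEL32(?), ref: 001EC336
• InternetCloseHandle.WININET(00000000), ref: 001EC341
Strings
Memory Dump Source
• Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
"""

# One "Api.MODULE(args), ref: ADDR" entry. The argument list and the comma are
# optional, compare "GetLastError.KERNEL32 ref: 001EC322" on this page.
API_RE = re.compile(r"(?P<api>\w+)\.(?P<module>\w+)(?:\((?P<args>.*?)\))?,? ref: (?P<ref>[0-9A-Fa-f]+)")
SUBCALL_RE = re.compile(r"Part of subcall function (?P<callee>[0-9A-Fa-f]+): ")
SECTION_HEADERS = {"Strings", "Memory Dump Source", "Joe Sandbox IDA Plugin", "Similarity"}

# Assumed capability set for the example: the WinINet triple seen in this report.
HTTP_CHAIN = {"InternetOpenUrlW", "HttpSendRequestW", "HttpQueryInfoW"}


@dataclass
class ApiCall:
    api: str
    module: str
    args: list[str]
    ref: str                          # call-site address from the "ref:" field
    subcall_of: Optional[str] = None  # callee address when reached via a subcall


@dataclass
class FunctionRecord:
    calls: list[ApiCall] = field(default_factory=list)
    api_id: str = ""
    fuzzy_hash: str = ""

    def direct_apis(self) -> set[str]:
        """APIs the function calls itself, excluding those attributed to subcalls."""
        return {c.api for c in self.calls if c.subcall_of is None}


def parse_records(text: str) -> list[FunctionRecord]:
    """Split report text into one FunctionRecord per "APIs" block."""
    records: list[FunctionRecord] = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if line == "APIs":
            records.append(FunctionRecord())
            section = "APIs"
            continue
        if line in SECTION_HEADERS:
            section = line
            continue
        if not records or not line.startswith("•"):
            continue
        body = line.lstrip("• ").strip()
        if section == "APIs":
            sub = SUBCALL_RE.match(body)
            m = API_RE.search(body)
            if m:
                args = m["args"].split(",") if m["args"] else []
                records[-1].calls.append(ApiCall(m["api"], m["module"], args, m["ref"].upper(),
                                                 sub["callee"].upper() if sub else None))
        elif section == "Similarity":
            if body.startswith("API ID: "):
                records[-1].api_id = body[len("API ID: "):]
            elif body.startswith("Instruction Fuzzy Hash: "):
                records[-1].fuzzy_hash = body[len("Instruction Fuzzy Hash: "):]
    return records


def find_capability(records: list[FunctionRecord], needed: set[str]) -> list[FunctionRecord]:
    """Records whose own (non-subcall) API set covers every API in `needed`."""
    return [r for r in records if needed <= r.direct_apis()]


def chain(rec: FunctionRecord) -> str:
    """Render a record's direct calls in call-site order for a triage note."""
    return " -> ".join(f"{c.module}!{c.api}@{c.ref}" for c in rec.calls if c.subcall_of is None)


if __name__ == "__main__":
    recs = parse_records(SAMPLE_RECORDS)
    for hit in find_capability(recs, HTTP_CHAIN):
        print("HTTP-capable function:", chain(hit))
```

Matching on the direct call set rather than on any single API keeps one-off `GetLastError` or `SetEvent` calls from producing hits; to extend the triage, add further sets (clipboard, keyboard, process-creation APIs) and run `find_capability` once per set over the same parsed records.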
APIs
• InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 001EC272
• HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 001EC29A
• HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 001EC2CA
• GetLastError.KERNEL32 ref: 001EC322
• SetEvent.KERNEL32(?), ref: 001EC336
• InternetCloseHandle.WININET(00000000), ref: 001EC341
Strings
Memory Dump Source
• Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
• Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_170000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                        • API ID: HttpInternet$CloseErrorEventHandleInfoLastOpenQueryRequestSend
                                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 3113390036-3916222277
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 15a8c2e57d89e19d8104729fcf47d22b091c409bde69f4fc60eac748089b79a8
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 57eb97711102ef58fe120813f48d413273eb9ba286fbe56ce71f5701fd975938
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 15a8c2e57d89e19d8104729fcf47d22b091c409bde69f4fc60eac748089b79a8
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 99319FB1500B44AFD7219F669C88AAFBBFCFB59740B14851EF44692211DB30DD068BA0
APIs
• GetModuleHandleW.KERNEL32(00000000,?,?,00000FFF,00000000,?,001B3AAF,?,?,Bad directive syntax error,0020CC08,00000000,00000010,?,?,>>>AUTOIT SCRIPT<<<), ref: 001D98BC
• LoadStringW.USER32(00000000,?,001B3AAF,?), ref: 001D98C3
  • Part of subcall function 00179CB3: _wcslen.LIBCMT ref: 00179CBD
• MessageBoxW.USER32(00000000,00000001,00000001,00011010), ref: 001D9987
Memory Dump Source
• Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID: HandleLoadMessageModuleString_wcslen
• String ID: Error: $%s (%d) : ==> %s.: %s %s$.$Line %d (File "%s"):$Line %d:
• API String ID: 858772685-4153970271
• Opcode ID: 98a5dfd23617c36a6d72aca0321ec06ed40d4a62e5dcfe97655159a3f0659d0d
• Instruction ID: 375ebe092a876e387e606181833b52c13a528e3e7b29b44886c63105d7aa4d32
• Opcode Fuzzy Hash: 98a5dfd23617c36a6d72aca0321ec06ed40d4a62e5dcfe97655159a3f0659d0d
• Instruction Fuzzy Hash: 43219171C1021EBBCF25AF90CC1AEEE7739FF28704F04845AF519660A2EB319628DB11
APIs
• GetParent.USER32 ref: 001D20AB
• GetClassNameW.USER32(00000000,?,00000100), ref: 001D20C0
• SendMessageW.USER32(00000000,00000111,0000702B,00000000), ref: 001D214D
Memory Dump Source
• Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID: ClassMessageNameParentSend
• String ID: SHELLDLL_DefView$details$largeicons$list$smallicons
• API String ID: 1290815626-3381328864
• Opcode ID: d967b7a5d984b6ae594b5e7d9b3e0519321f954700e9e2a456a8b3662f65c1b7
• Instruction ID: 9b85c6f50f48585821d5aafc3ca9604f17f5b2822d8578879630aad6399c119d
• Opcode Fuzzy Hash: d967b7a5d984b6ae594b5e7d9b3e0519321f954700e9e2a456a8b3662f65c1b7
• Instruction Fuzzy Hash: FB1159B6288316BAFA152320EC0BCA6739CCF25328F204217FB09A51D2FF71A8135614
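The function entries above follow a fixed shape (bulleted API calls with hex arguments and a ref address, then dump-source, similarity and fuzzy-hash fields), which makes them easy to pull into structured records for triage, for example to see that the SendMessageW call sends WM_COMMAND (0x0111) with the Explorer view command 0x702B to a SHELLDLL_DefView window, or that HttpQueryInfoW is asked for HTTP_QUERY_CONTENT_LENGTH (5). The following parser is an added example and is not part of the Joe Sandbox report or of the analysed sample; the sample text is built from lines copied from the entries above (rearranged), and the SFVIDM_VIEW_* command IDs are commonly cited but undocumented shell constants, so treat that mapping as an assumption.

```python
"""Parse Joe Sandbox 'Functions' entries into records and decode a few argument constants.

Added example, not part of the Joe Sandbox report or of the sample. The line shapes
match the report entries printed above; decoders and names are the example's own.
"""
import re
from dataclasses import dataclass, field
from typing import Optional

# "• Api.MODULE(arg,arg), ref: ADDR", "• Api.MODULE ref: ADDR", or a
# "• Part of subcall function ADDR: Api.MODULE ref: ADDR" sub-bullet.
API_RE = re.compile(
    r"^•\s*(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+):\s*)?"
    r"(?P<api>\w+)\.(?P<mod>\w+)(?:\((?P<args>.*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)
# "• Key: value" metadata fields (Source File, Associated, API ID, fuzzy hashes, ...).
FIELD_RE = re.compile(r"^•\s*(?P<key>[A-Za-z ]+?):\s*(?P<val>.*)$")

# Documented Win32 constants.
WM_COMMAND = 0x0111
HTTP_QUERY_CONTENT_LENGTH = 0x5
MB_FLAGS = {0x10: "MB_ICONERROR", 0x1000: "MB_SYSTEMMODAL", 0x10000: "MB_SETFOREGROUND"}
# Explorer shell-view command IDs (SFVIDM_VIEW_*): not in public SDK headers; assumed values.
SFVIDM_VIEW = {0x7029: "largeicons", 0x702A: "smallicons", 0x702B: "list", 0x702C: "details"}


@dataclass
class ApiCall:
    api: str
    module: str
    args: list[str]
    ref: int                      # address of the call site inside the dump
    subcall_of: Optional[int] = None


@dataclass
class FunctionEntry:
    calls: list[ApiCall] = field(default_factory=list)
    fields: dict[str, list[str]] = field(default_factory=dict)


def parse_entries(text: str) -> list[FunctionEntry]:
    """Split report text into one FunctionEntry per analysed function."""
    entries: list[FunctionEntry] = []
    cur = FunctionEntry()
    for raw in text.splitlines():
        line = raw.strip()
        m = API_RE.match(line)
        if m:
            args = [a.strip() for a in m["args"].split(",")] if m["args"] is not None else []
            sub = int(m["sub"], 16) if m["sub"] else None
            cur.calls.append(ApiCall(m["api"], m["mod"], args, int(m["ref"], 16), sub))
            continue
        m = FIELD_RE.match(line)
        if m:
            key = m["key"].strip()
            val = m["val"].strip().removesuffix("Download File").strip()  # drop link-widget residue
            cur.fields.setdefault(key, []).append(val)
            if key == "Instruction Fuzzy Hash":   # last field of every complete entry
                entries.append(cur)
                cur = FunctionEntry()
    if cur.calls or cur.fields:                   # trailing (possibly truncated) entry
        entries.append(cur)
    return entries


def describe(call: ApiCall) -> str:
    """Decode the argument constants of a few calls that matter for triage."""
    def num(i: int) -> Optional[int]:
        try:
            return int(call.args[i], 16)
        except (IndexError, ValueError):          # missing or unresolved ('?') argument
            return None
    if call.api == "SendMessageW" and num(1) == WM_COMMAND:
        cmd = num(2)
        return f"WM_COMMAND to shell view: {SFVIDM_VIEW.get(cmd, f'0x{cmd:X}')}"
    if call.api == "HttpQueryInfoW" and num(1) == HTTP_QUERY_CONTENT_LENGTH:
        return "HttpQueryInfoW(HTTP_QUERY_CONTENT_LENGTH)"
    if call.api == "MessageBoxW" and num(3) is not None:
        flags = [name for bit, name in MB_FLAGS.items() if num(3) & bit]
        return "MessageBoxW(" + "|".join(flags or ["MB_OK"]) + ")"
    return f"{call.api}.{call.module}"


# Constructed sample: lines copied from the report entries above, rearranged.
SAMPLE = """\
APIs
• HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 001EC2CA
• GetLastError.KERNEL32 ref: 001EC322
• InternetCloseHandle.WININET(00000000), ref: 001EC341
Memory Dump Source
• Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
• Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmpDownload File
Similarity
• API ID: HttpInternet$CloseErrorEventHandleInfoLastOpenQueryRequestSend
• String ID:
• Instruction Fuzzy Hash: 99319FB1500B44AFD7219F669C88AAFBBFCFB59740B14851EF44692211DB30DD068BA0
APIs
• GetParent.USER32 ref: 001D20AB
  • Part of subcall function 00179CB3: _wcslen.LIBCMT ref: 00179CBD
• SendMessageW.USER32(00000000,00000111,0000702B,00000000), ref: 001D214D
• MessageBoxW.USER32(00000000,00000001,00000001,00011010), ref: 001D9987
• String ID: SHELLDLL_DefView$details$largeicons$list$smallicons
"""

if __name__ == "__main__":
    for i, entry in enumerate(parse_entries(SAMPLE)):
        print(f"entry {i}: " + " -> ".join(describe(c) for c in entry.calls))
```

Run it on a saved copy of the report text instead of SAMPLE to get one record per function; the API sequences and the Instruction Fuzzy Hash fields are what you would feed into a similarity search against other AutoIt-compiled samples.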
                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_170000_file.jbxd
APIs
Memory Dump Source
• Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID: _free$EnvironmentVariable___from_strstr_to_strchr
• API String ID: 1282221369-0
APIs
• SendMessageW.USER32(?,00002001,00000000,00000000), ref: 00205186
• ShowWindow.USER32(?,00000000), ref: 002051C7
• ShowWindow.USER32(?,00000005,?,00000000), ref: 002051CD
• SetFocus.USER32(?,?,00000005,?,00000000), ref: 002051D1
  • Part of subcall function 00206FBA: DeleteObject.GDI32(00000000), ref: 00206FE6
• GetWindowLongW.USER32(?,000000F0), ref: 0020520D
• SetWindowLongW.USER32(?,000000F0,00000000), ref: 0020521A
• InvalidateRect.USER32(?,00000000,00000001,?,00000001), ref: 0020524D
• SendMessageW.USER32(?,00001001,00000000,000000FE), ref: 00205287
• SendMessageW.USER32(?,00001026,00000000,000000FE), ref: 00205296
Memory Dump Source
• Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID: Window$MessageSend$LongShow$DeleteFocusInvalidateObjectRect
• API String ID: 3210457359-0
APIs
• LoadImageW.USER32(00000000,?,?,00000010,00000010,00000010), ref: 001C6890
• ExtractIconExW.SHELL32(?,?,00000000,00000000,00000001), ref: 001C68A9
• LoadImageW.USER32(00000000,?,00000001,00000000,00000000,00000050), ref: 001C68B9
• ExtractIconExW.SHELL32(?,?,?,00000000,00000001), ref: 001C68D1
• SendMessageW.USER32(00000000,00000080,00000000,00000000), ref: 001C68F2
• DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,00188874,00000000,00000000,00000000,000000FF,00000000), ref: 001C6901
• SendMessageW.USER32(00000000,00000080,00000001,00000000), ref: 001C691E
• DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,00188874,00000000,00000000,00000000,000000FF,00000000), ref: 001C692D
Memory Dump Source
• Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID: Icon$DestroyExtractImageLoadMessageSend
                                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 1268354404-0
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 0ac4499206e34a00d8f62cd9a5c43f0a291818b0f8d256717be76857e4345274
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 923286f28d3f95e7f71d0200b2edd0254c89ed2fe6653bde7f72bd91917ef965
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0ac4499206e34a00d8f62cd9a5c43f0a291818b0f8d256717be76857e4345274
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 865169B4600309AFDB24EF24DC95FAA7BB5FB98750F104618F916972A0DB70EA90DF50
APIs
• InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 001EC182
• GetLastError.KERNEL32 ref: 001EC195
• SetEvent.KERNEL32(?), ref: 001EC1A9
  • Part of subcall function 001EC253: InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 001EC272
  • Part of subcall function 001EC253: GetLastError.KERNEL32 ref: 001EC322
  • Part of subcall function 001EC253: SetEvent.KERNEL32(?), ref: 001EC336
  • Part of subcall function 001EC253: InternetCloseHandle.WININET(00000000), ref: 001EC341
Memory Dump Source
• Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
• Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmp
Similarity
• API ID: Internet$ErrorEventLast$CloseConnectHandleOpen
• String ID:
• API String ID: 337547030-0
• Opcode ID: c7bf1f451f0fbca9a28c4f824b3b43ae4d132d5facd5ecb6131d396173049d28
• Instruction ID: 74cbf73b471e0379dbf4e851e7b55152351ad239ecea4bbb536f8971e4fdfa72
• Opcode Fuzzy Hash: c7bf1f451f0fbca9a28c4f824b3b43ae4d132d5facd5ecb6131d396173049d28
• Instruction Fuzzy Hash: B53192B1100B82EFDB259FA6EC48A6BBBF9FF58300B14451DFA5682611D730E815DBA0
APIs
  • Part of subcall function 001D3A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 001D3A57
  • Part of subcall function 001D3A3D: GetCurrentThreadId.KERNEL32 ref: 001D3A5E
  • Part of subcall function 001D3A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,001D25B3), ref: 001D3A65
• MapVirtualKeyW.USER32(00000025,00000000), ref: 001D25BD
• PostMessageW.USER32(?,00000100,00000025,00000000), ref: 001D25DB
• Sleep.KERNEL32(00000000,?,00000100,00000025,00000000), ref: 001D25DF
• MapVirtualKeyW.USER32(00000025,00000000), ref: 001D25E9
• PostMessageW.USER32(?,00000100,00000027,00000000), ref: 001D2601
• Sleep.KERNEL32(00000000,?,00000100,00000027,00000000), ref: 001D2605
• MapVirtualKeyW.USER32(00000025,00000000), ref: 001D260F
• PostMessageW.USER32(?,00000101,00000027,00000000), ref: 001D2623
• Sleep.KERNEL32(00000000,?,00000101,00000027,00000000,?,00000100,00000027,00000000), ref: 001D2627
Similarity
• API ID: MessagePostSleepThreadVirtual$AttachCurrentInputProcessWindow
• String ID:
• API String ID: 2014098862-0
• Opcode ID: 400941fc0bcb131190f1b242a8c09a9b1d8160999ae6584e502ae52b4bc2dafe
• Instruction ID: 3f8cdf075cae21225adc2724c3df126201a183c99f68324caae4a5d76cd1b532
• Opcode Fuzzy Hash: 400941fc0bcb131190f1b242a8c09a9b1d8160999ae6584e502ae52b4bc2dafe
• Instruction Fuzzy Hash: AE01D871390310BBFB206768AC8EF597F5DDB5EB11F200112F328AF1D2C9F254448AAA
APIs
• GetProcessHeap.KERNEL32(00000008,0000000C,?,00000000,?,001D1449,?,?,00000000), ref: 001D180C
• HeapAlloc.KERNEL32(00000000,?,001D1449,?,?,00000000), ref: 001D1813
• GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,001D1449,?,?,00000000), ref: 001D1828
• GetCurrentProcess.KERNEL32(?,00000000,?,001D1449,?,?,00000000), ref: 001D1830
• DuplicateHandle.KERNEL32(00000000,?,001D1449,?,?,00000000), ref: 001D1833
• GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,001D1449,?,?,00000000), ref: 001D1843
• GetCurrentProcess.KERNEL32(001D1449,00000000,?,001D1449,?,?,00000000), ref: 001D184B
• DuplicateHandle.KERNEL32(00000000,?,001D1449,?,?,00000000), ref: 001D184E
• CreateThread.KERNEL32(00000000,00000000,001D1874,00000000,00000000,00000000), ref: 001D1868
                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_170000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                        • API ID: Process$Current$DuplicateHandleHeap$AllocCreateThread
                                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 1957940570-0
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 91cee7b87dbb0192dcc84f15ec56f0ac6dd3646a51488d5fc36e4a5ea9a542f6
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 38b5fa05fa50313692e502d0c9998596d37c1b133d8786d8b7e715fc91b7dd43
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 91cee7b87dbb0192dcc84f15ec56f0ac6dd3646a51488d5fc36e4a5ea9a542f6
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: B401BFB5240304BFE710AB65EC4DF577B6CEB89B11F104511FA05DB192C6709800CB20
                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 001DD4DC: CreateToolhelp32Snapshot.KERNEL32 ref: 001DD501
                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 001DD4DC: Process32FirstW.KERNEL32(00000000,?), ref: 001DD50F
                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 001DD4DC: CloseHandle.KERNELBASE(00000000), ref: 001DD5DC
                                                                                                                                                                                                                                                                                                                                                                                        • OpenProcess.KERNEL32(00000001,00000000,?), ref: 001FA16D
                                                                                                                                                                                                                                                                                                                                                                                        • GetLastError.KERNEL32 ref: 001FA180
                                                                                                                                                                                                                                                                                                                                                                                        • OpenProcess.KERNEL32(00000001,00000000,?), ref: 001FA1B3
                                                                                                                                                                                                                                                                                                                                                                                        • TerminateProcess.KERNEL32(00000000,00000000), ref: 001FA268
                                                                                                                                                                                                                                                                                                                                                                                        • GetLastError.KERNEL32(00000000), ref: 001FA273
                                                                                                                                                                                                                                                                                                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 001FA2C4
                                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_170000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                        • API ID: Process$CloseErrorHandleLastOpen$CreateFirstProcess32SnapshotTerminateToolhelp32
                                                                                                                                                                                                                                                                                                                                                                                        • String ID: SeDebugPrivilege
                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 2533919879-2896544425
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: b6438628da07b16db13e8e12a9a7842c418d6efb5e6410892003ffa6e763c355
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 9f4c3ca2ce3f8bfc494ce4297bfbdbd330f3ee7b544e13d0dce0470e12100c48
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: b6438628da07b16db13e8e12a9a7842c418d6efb5e6410892003ffa6e763c355
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: AE61B0B0208242AFD710DF18C494F29BBE1AF54318F59C48CE56A4B7A3C776ED45CB92
                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(00000000,00001036,00000010,00000010), ref: 00203925
                                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(00000000,00001036,00000000,?), ref: 0020393A
                                                                                                                                                                                                                                                                                                                                                                                        • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000013), ref: 00203954
                                                                                                                                                                                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 00203999
                                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00001057,00000000,?), ref: 002039C6
                                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00001061,?,0000000F), ref: 002039F4
                                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_170000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                        • API ID: MessageSend$Window_wcslen
                                                                                                                                                                                                                                                                                                                                                                                        • String ID: SysListView32
                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 2147712094-78025650
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 8fc33ed5cd36620aa9eeb03a919ef7f403c0395a461fee3ab9cf17980772fdd3
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 5549e3558b11b54f898d3abbe4751049918eb998d99f94049b5b3edb0043914d
• Opcode Fuzzy Hash: 8fc33ed5cd36620aa9eeb03a919ef7f403c0395a461fee3ab9cf17980772fdd3
• Instruction Fuzzy Hash: 9D419371A10319ABEF21DF64CC49BEA77ADEF48350F100566F958E72C2D77199A0CB90
APIs
• GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 001DBCFD
• IsMenu.USER32(00000000), ref: 001DBD1D
• CreatePopupMenu.USER32 ref: 001DBD53
• GetMenuItemCount.USER32(00D06DA0), ref: 001DBDA4
• InsertMenuItemW.USER32(00D06DA0,?,00000001,00000030), ref: 001DBDCC
Strings
Memory Dump Source
• Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
• Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID: Menu$Item$CountCreateInfoInsertPopup
• String ID: 0$2
• API String ID: 93392585-3793063076
• Opcode ID: f3fd318f8f3f1ae61387295bb89f0597458f6b6878eca6320640a01628a0e731
• Instruction ID: 8d5bdadbb2119adadae628265c2b7f0f8b64afa3557224c927fcfb874b61bf89
• Opcode Fuzzy Hash: f3fd318f8f3f1ae61387295bb89f0597458f6b6878eca6320640a01628a0e731
• Instruction Fuzzy Hash: 49519E70608A05DBDF14CFE8D8C8BAEBBF6BF59318F25425AE442A7391D7709940CB61
APIs
• LoadIconW.USER32(00000000,00007F03), ref: 001DC913
Strings
Similarity
• API ID: IconLoad
• String ID: blank$info$question$stop$warning
• API String ID: 2457776203-404129466
• Opcode ID: 30d5c5faecb02c39474717dfc530c9ea5b80ac500a86944934438a96fd99572d
• Instruction ID: 2e35b3d5ce44e91a88809e78861bf84496a7cb3ac17c660e94df2d81ad20e3d8
• Opcode Fuzzy Hash: 30d5c5faecb02c39474717dfc530c9ea5b80ac500a86944934438a96fd99572d
• Instruction Fuzzy Hash: D1113D32689307BBEB095B54DC93CAA679CDF16328B60452FF501A6382D7705D0092E4
APIs
Strings
Similarity
• API ID: CleanupStartup_strcatgethostbynamegethostnameinet_ntoa
• String ID: 0.0.0.0
• API String ID: 642191829-3771769585
• Opcode ID: 38b59a7d2beb23bc2f8720aec0c7df91271c95d284d2933462a8dce543e17739
• Instruction ID: 8c8eb39cd613516427ba20487270903377f3a2be934ef401ec489800f46b0ce4
• Opcode Fuzzy Hash: 38b59a7d2beb23bc2f8720aec0c7df91271c95d284d2933462a8dce543e17739
• Instruction Fuzzy Hash: 2D110A71504204AFDB246B64EC0AEDE77BCDF25711F1101AAF40596292EF718A818B51
APIs
  • Part of subcall function 00189BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00189BB2
• GetSystemMetrics.USER32(0000000F), ref: 00209FC7
• GetSystemMetrics.USER32(0000000F), ref: 00209FE7
• MoveWindow.USER32(00000003,?,?,?,?,00000000,?,?,?), ref: 0020A224
• SendMessageW.USER32(00000003,00000142,00000000,0000FFFF), ref: 0020A242
• SendMessageW.USER32(00000003,00000469,?,00000000), ref: 0020A263
• ShowWindow.USER32(00000003,00000000), ref: 0020A282
• InvalidateRect.USER32(?,00000000,00000001), ref: 0020A2A7
• DefDlgProcW.USER32(?,00000005,?,?), ref: 0020A2CA
                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_170000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                        • API ID: Window$MessageMetricsSendSystem$InvalidateLongMoveProcRectShow
                                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 1211466189-0
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 904871d5f10b48e5dfbd12cacdb086bd85545cca0599e68c68a2923487c9a170
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 1f99d7bc2ede4911db0c2e6f49bb62196a0c4228c6b66a71cd9040e65a8676c9
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 904871d5f10b48e5dfbd12cacdb086bd85545cca0599e68c68a2923487c9a170
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 09B1BC3161031ADFDF14CF68C9897AE7BB2FF44701F588069EC49AB296DB31A960CB51
                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_170000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                        • API ID: _wcslen$LocalTime
                                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 952045576-0
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: c35aa9a892ddea8c95522bb86f4974fb1b8bc61352d9190a522f777c0b486a8e
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 722078e8704b7993958697dd7ddf7e8c70424de324e2ac9f2660a1f701e224b3
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c35aa9a892ddea8c95522bb86f4974fb1b8bc61352d9190a522f777c0b486a8e
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 75418065C1021876CF11FBF48C8A9DFB7A8AF55710F508562E518E3222FB34E255C3A6
                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                        • ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,001C682C,00000004,00000000,00000000), ref: 0018F953
                                                                                                                                                                                                                                                                                                                                                                                        • ShowWindow.USER32(FFFFFFFF,00000006,?,00000000,?,001C682C,00000004,00000000,00000000), ref: 001CF3D1
                                                                                                                                                                                                                                                                                                                                                                                        • ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,001C682C,00000004,00000000,00000000), ref: 001CF454
                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_170000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                        • API ID: ShowWindow
                                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 1268545403-0
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: aecefecba8dfe94e9128966e7e8aaa43ceeb4597a3d595c7f961bdbde0644d9d
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: a2d523dc94064c191dfc8f72436a656d624a173a442e30c030d1c2506bb03acd
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: aecefecba8dfe94e9128966e7e8aaa43ceeb4597a3d595c7f961bdbde0644d9d
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D9413D30A14780FAC73DAB29D88CB2A7B96BB66318F15413CF04752561C735DA83CF11
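The API bullets in these blocks give every argument as a raw hex word, so the analyst has to decode the interesting ones by hand: the second argument of SendMessageW and DefDlgProcW is a window message, the second argument of ShowWindow is an SW_ command, and the index passed to GetDeviceCaps selects a device metric. The following parser is an added example for this page, not part of the Joe Sandbox report or its generator; it reads bullet lines in the exact format shown above, sorts the calls by their ref address, and decodes those constants from the documented winuser.h / wingdi.h values. The sample lines are copied from the CreateFontW and ShowWindow blocks of this report. Unresolved arguments (`?`) are kept as None, and a value with no documented meaning, such as the 0xFF nCmdShow the sandbox recorded for two of the ShowWindow calls, is reported as unknown rather than guessed.

```python
"""Decode the hex arguments in Joe Sandbox 'APIs' bullet lines.

Added example for this report page (not Joe Sandbox code). Constant
tables are the documented Win32 values; only those exercised by the
sample lines are included.
"""
import re
from typing import Dict, List, Optional

# One bullet: "<Func>.<MODULE>(<hex args>), ref: <addr>".  \u2022 is the bullet.
API_LINE = re.compile(
    r"^\s*\u2022?\s*(?P<func>\w+)\.(?P<module>[A-Z0-9]+)"
    r"\((?P<args>[^)]*)\),\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)

# winuser.h window messages.  0x0142 is in the combo-box range, so it is
# CB_SETEDITSEL only if the target HWND really is a combo box.
WM_MESSAGES: Dict[int, str] = {
    0x0005: "WM_SIZE",
    0x0030: "WM_SETFONT",
    0x0142: "CB_SETEDITSEL (combo box)",
}
# winuser.h nCmdShow values for ShowWindow.
SW_COMMANDS: Dict[int, str] = {
    0x00: "SW_HIDE", 0x01: "SW_SHOWNORMAL", 0x02: "SW_SHOWMINIMIZED",
    0x03: "SW_SHOWMAXIMIZED", 0x04: "SW_SHOWNOACTIVATE", 0x05: "SW_SHOW",
    0x06: "SW_MINIMIZE", 0x07: "SW_SHOWMINNOACTIVE", 0x08: "SW_SHOWNA",
    0x09: "SW_RESTORE", 0x0A: "SW_SHOWDEFAULT", 0x0B: "SW_FORCEMINIMIZE",
}
# wingdi.h GetDeviceCaps indices (88 and 90 decimal).
DEVICE_CAPS: Dict[int, str] = {0x58: "LOGPIXELSX", 0x5A: "LOGPIXELSY"}

# function name -> (zero-based argument index holding the constant, table)
DECODERS = {
    "SendMessageW": (1, WM_MESSAGES),
    "DefDlgProcW": (1, WM_MESSAGES),
    "ShowWindow": (1, SW_COMMANDS),
    "GetDeviceCaps": (1, DEVICE_CAPS),
}


def parse_arg(tok: str) -> Optional[int]:
    """'00000030' -> 0x30; '?' (not resolved by the sandbox) -> None."""
    tok = tok.strip()
    if tok == "?" or not tok:
        return None
    return int(tok, 16)


def parse_api_line(line: str) -> Optional[dict]:
    """Parse one API bullet; return None for headings and other lines."""
    m = API_LINE.match(line)
    if not m:
        return None
    args = [parse_arg(a) for a in m.group("args").split(",")]
    entry = {
        "func": m.group("func"),
        "module": m.group("module"),
        "args": args,
        "ref": int(m.group("ref"), 16),
        "decoded": None,
    }
    dec = DECODERS.get(entry["func"])
    if dec:
        idx, table = dec
        if idx < len(args) and args[idx] is not None:
            # Unknown values are flagged, never mapped to a best guess.
            entry["decoded"] = table.get(args[idx], f"0x{args[idx]:X} (unknown)")
    return entry


def summarize(lines: List[str]) -> List[str]:
    """Call sequence ordered by ref address, with decoded constants appended."""
    entries = [e for e in (parse_api_line(ln) for ln in lines) if e]
    entries.sort(key=lambda e: e["ref"])
    out = []
    for e in entries:
        tag = f" -> {e['decoded']}" if e["decoded"] else ""
        out.append(f"{e['ref']:08X} {e['module']}!{e['func']}{tag}")
    return out


# Sample input copied from the CreateFontW and ShowWindow blocks above.
SAMPLE = [
    "\u2022 DeleteObject.GDI32(00000000), ref: 00202D1B",
    "\u2022 GetDC.USER32(00000000), ref: 00202D23",
    "\u2022 GetDeviceCaps.GDI32(00000000,0000005A), ref: 00202D2E",
    "\u2022 ReleaseDC.USER32(00000000,00000000), ref: 00202D3A",
    "\u2022 CreateFontW.GDI32(?,00000000,00000000,00000000,?,00000000,00000000,00000000,00000001,00000004,00000000,?,00000000,?), ref: 00202D76",
    "\u2022 SendMessageW.USER32(?,00000030,00000000,00000001), ref: 00202D87",
    "\u2022 MoveWindow.USER32(?,?,?,?,?,00000000,?,?,00205A65,?,?,000000FF,00000000,?,000000FF,?), ref: 00202DC2",
    "\u2022 SendMessageW.USER32(?,00000142,00000000,00000000), ref: 00202DE1",
    "\u2022 ShowWindow.USER32(FFFFFFFF,00000006,?,00000000,?,001C682C,00000004,00000000,00000000), ref: 001CF3D1",
]

if __name__ == "__main__":
    for row in summarize(SAMPLE):
        print(row)
```

Read together, the decoded CreateFontW block is a DPI-aware font setup (GetDeviceCaps LOGPIXELSY, CreateFontW, WM_SETFONT) followed by a control resize, which is consistent with the AutoIt GUI runtime the report identifies rather than with the sample's own credential-stealing logic; the decoder is useful precisely for telling runtime noise apart from attacker-authored behaviour when triaging the other blocks.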
APIs
• DeleteObject.GDI32(00000000), ref: 00202D1B
• GetDC.USER32(00000000), ref: 00202D23
• GetDeviceCaps.GDI32(00000000,0000005A), ref: 00202D2E
• ReleaseDC.USER32(00000000,00000000), ref: 00202D3A
• CreateFontW.GDI32(?,00000000,00000000,00000000,?,00000000,00000000,00000000,00000001,00000004,00000000,?,00000000,?), ref: 00202D76
• SendMessageW.USER32(?,00000030,00000000,00000001), ref: 00202D87
• MoveWindow.USER32(?,?,?,?,?,00000000,?,?,00205A65,?,?,000000FF,00000000,?,000000FF,?), ref: 00202DC2
• SendMessageW.USER32(?,00000142,00000000,00000000), ref: 00202DE1
Memory Dump Source
• Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
• Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID: MessageSend$CapsCreateDeleteDeviceFontMoveObjectReleaseWindow
• String ID:
• API String ID: 3864802216-0
• Opcode ID: 7ba4196578d69a5660e48475c3de4e37783e1dc98bc77c1e27b0bc114c5e8c5d
• Instruction ID: 5719ed246c5534a850d5213df7745304750072da0a5e1002ff4135314544e25f
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7ba4196578d69a5660e48475c3de4e37783e1dc98bc77c1e27b0bc114c5e8c5d
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: FD3189B2211214BBEB258F50DC8AFEB3BADEB49711F144156FE089A2D2C6759C51CBA0
                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_170000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                        • API ID: _memcmp
                                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 2931989736-0
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 82a67efa36f831834a9e48b05a36ef357dac99ed6d639cc023ead76cadfb74cb
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: efe8a73c0ea42aeda3e57901c5192e32576b3d36dba8e4b209dd7fa60c43282d
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 82a67efa36f831834a9e48b05a36ef357dac99ed6d639cc023ead76cadfb74cb
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3221AA71A84B09B7E71995108E82FFA336FBF21394F540023FD045AB82F720EE6085A5
                                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_170000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                                                                                                                        • String ID: NULL Pointer assignment$Not an Object type
                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 0-572801152
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 5ae2eefb5aafe6d07085f900c1c4023a085deb73de409f054f8db38ec955d6f7
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: de6476db250fd5928f2bcc4351ec84afc2278a571bf802e8b570fef7c4f746e1
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 5ae2eefb5aafe6d07085f900c1c4023a085deb73de409f054f8db38ec955d6f7
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D5D1A175A0060EAFDF14CF98C881BBEB7B6BF48344F158169EA15AB281D770ED41CB90
                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                        • GetCPInfo.KERNEL32(?,?), ref: 001B15CE
                                                                                                                                                                                                                                                                                                                                                                                        • MultiByteToWideChar.KERNEL32(?,00000009,?,?,00000000,00000000), ref: 001B1651
                                                                                                                                                                                                                                                                                                                                                                                        • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 001B16E4
                                                                                                                                                                                                                                                                                                                                                                                        • MultiByteToWideChar.KERNEL32(?,00000009,?,?,00000000,00000000), ref: 001B16FB
                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 001A3820: RtlAllocateHeap.NTDLL(00000000,?,00241444,?,0018FDF5,?,?,0017A976,00000010,00241440,001713FC,?,001713C6,?,00171129), ref: 001A3852
                                                                                                                                                                                                                                                                                                                                                                                        • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 001B1777
                                                                                                                                                                                                                                                                                                                                                                                        • __freea.LIBCMT ref: 001B17A2
                                                                                                                                                                                                                                                                                                                                                                                        • __freea.LIBCMT ref: 001B17AE
                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_170000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                        • API ID: ByteCharMultiWide$__freea$AllocateHeapInfo
                                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 2829977744-0
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: a936dff84a78612ad5eac2be22feb056f64f728d3565b76b11533c86e9544f0c
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 7ee038fe738027bae469ffa3369ee4665b3eb5881b766da3a3ac1427e5266098
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: a936dff84a78612ad5eac2be22feb056f64f728d3565b76b11533c86e9544f0c
• Instruction Fuzzy Hash: 1591D872E10216BEDF248FB4C861AEEBBB5AF4A310F9A0659F805E7141DB35DD40CB60
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
• Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID: Variant$ClearInit
• String ID: Incorrect Object type in FOR..IN loop$Null Object assignment in FOR..IN loop
• API String ID: 2610073882-625585964
• Opcode ID: ca02a146982cd6a90bd6ae6656c44efd11a2c9dfc6e3856b559de8fc700c91f0
• Instruction ID: 6e7cf2cb86629e8334e39ccf990d8ab0b461573f54b5428bfb99be1efbad7fa3
• Opcode Fuzzy Hash: ca02a146982cd6a90bd6ae6656c44efd11a2c9dfc6e3856b559de8fc700c91f0
• Instruction Fuzzy Hash: FF918171A00219ABDF24DFA5D884FBFBBB8EF46714F108659F605AB281D7709941CFA0
APIs
• SafeArrayGetVartype.OLEAUT32(00000001,?), ref: 001E125C
• SafeArrayAccessData.OLEAUT32(00000000,?), ref: 001E1284
• SafeArrayUnaccessData.OLEAUT32(00000001), ref: 001E12A8
• SafeArrayAccessData.OLEAUT32(00000001,?), ref: 001E12D8
• SafeArrayAccessData.OLEAUT32(00000001,?), ref: 001E135F
• SafeArrayAccessData.OLEAUT32(00000001,?), ref: 001E13C4
• SafeArrayAccessData.OLEAUT32(00000001,?), ref: 001E1430
Memory Dump Source
• Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
• Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID: ArraySafe$Data$Access$UnaccessVartype
• String ID:
• API String ID: 2550207440-0
• Opcode ID: fc6ae7f94ef664086eea2476200c22f1844242215b3476c98406f9a1f1e5dbcf
• Instruction ID: 0f574e2656bade8fdfd1d281406de59404aa4acb5e5adc1b7261d3312ba22141
• Opcode Fuzzy Hash: fc6ae7f94ef664086eea2476200c22f1844242215b3476c98406f9a1f1e5dbcf
• Instruction Fuzzy Hash: 4391F572A00649AFDB01DFA5D884BFEB7B5FF55724F214029EA00EB292D774AD41CB90
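The function records in this section are a plain-text export of the Joe Sandbox function view, and the only machine-readable facts in each record are the API call sites (name, module, recovered arguments, call-site address), whether the call belongs to a subcall, and the dump's load base from the Offset field of the Source File line. The following added example, which is neither part of this report nor Joe Sandbox's own tooling, parses those lines into structured entries and converts the ref addresses to RVAs against that base, so the call sites can be located in a disassembler that loads the image at a different address. The input strings are constructed by copying lines from this section; all function and field names are the example's own.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed input: API-call lines copied verbatim from the records in this section.
SAMPLE_APIS = """\
• SafeArrayGetVartype.OLEAUT32(00000001,?), ref: 001E125C
• SafeArrayAccessData.OLEAUT32(00000000,?), ref: 001E1284
• SafeArrayUnaccessData.OLEAUT32(00000001), ref: 001E12A8
• SafeArrayAccessData.OLEAUT32(00000001,?), ref: 001E12D8
• VariantInit.OLEAUT32(?), ref: 001F396B
• CharUpperBuffW.USER32(?,?), ref: 001F3A7A
• _wcslen.LIBCMT ref: 001F3A8A
• VariantClear.OLEAUT32(?), ref: 001F3C1F
  • Part of subcall function 001E0CDF: VariantInit.OLEAUT32(00000000), ref: 001E0D1F
  • Part of subcall function 001E0CDF: VariantCopy.OLEAUT32(?,?), ref: 001E0D28
  • Part of subcall function 001E0CDF: VariantClear.OLEAUT32(?), ref: 001E0D34
"""

# Constructed input: the Source File line of the same records.
SAMPLE_SOURCE = ("• Source File: 00000000.00000002.1766811821.0000000000171000."
                 "00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true")

# One API line: optional subcall prefix, Name.MODULE, optional "(args)", optional comma, "ref: ADDR".
# The "_wcslen.LIBCMT ref: ..." form has neither parentheses nor a comma, so both are optional.
API_LINE = re.compile(
    r"^\s*•\s*"
    r"(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+):\s*)?"
    r"(?P<api>[A-Za-z_]\w*)\.(?P<module>[A-Za-z0-9_.]+)"
    r"(?:\((?P<args>[^)]*)\))?"
    r",?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)
OFFSET_FIELD = re.compile(r"Offset:\s*([0-9A-Fa-f]+)")


@dataclass
class ApiCall:
    api: str
    module: str
    args: List[Optional[int]]         # None where the report shows '?' (argument not recovered)
    ref: int                          # call-site virtual address as dumped
    subcall_of: Optional[int] = None  # address of the containing function for subcall entries


def parse_args(text: Optional[str]) -> List[Optional[int]]:
    """Turn '00000001,?' into [1, None]; an absent or empty argument list is []."""
    if not text:
        return []
    return [None if a.strip() == "?" else int(a.strip(), 16) for a in text.split(",")]


def parse_api_listing(text: str) -> List[ApiCall]:
    """Parse every API-call line in a record; lines that do not match are ignored."""
    calls = []
    for line in text.splitlines():
        m = API_LINE.match(line)
        if not m:
            continue
        calls.append(ApiCall(
            api=m["api"],
            module=m["module"],
            args=parse_args(m["args"]),
            ref=int(m["ref"], 16),
            subcall_of=int(m["sub"], 16) if m["sub"] else None,
        ))
    return calls


def parse_image_base(source_line: str) -> int:
    """Read the dump's load base from the 'Offset:' field of a Source File line."""
    m = OFFSET_FIELD.search(source_line)
    if not m:
        raise ValueError("no Offset field in Source File line")
    return int(m.group(1), 16)


def to_rva(call: ApiCall, base: int) -> int:
    """Call-site RVA: the dumped address minus the base the dump was taken at."""
    if call.ref < base:
        raise ValueError(f"ref {call.ref:#x} lies below image base {base:#x}")
    return call.ref - base


def module_summary(calls: List[ApiCall]) -> Dict[str, int]:
    """Number of call sites per imported module, subcalls included."""
    return dict(Counter(c.module for c in calls))


if __name__ == "__main__":
    base = parse_image_base(SAMPLE_SOURCE)
    for c in parse_api_listing(SAMPLE_APIS):
        tag = f" (in sub_{c.subcall_of:X})" if c.subcall_of else ""
        print(f"{c.module:8} {c.api:22} VA {c.ref:08X} RVA {to_rva(c, base):06X}{tag}")
    print(module_summary(parse_api_listing(SAMPLE_APIS)))
```

The RVAs are what to search for after loading the original file.exe in IDA or Ghidra, since the dump on this page was taken with the image at 00170000 and a fresh load will usually relocate it; the subcall entries are kept separate so that a call counted under the parent function is not mistaken for a direct call site in it.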
Memory Dump Source
• Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
• Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID: ObjectSelect$BeginCreatePath
• String ID:
• API String ID: 3225163088-0
• Opcode ID: 52df6c5e1d9a4fc8945e26797e71396170142dcb5fd055686b4927090a6ada15
• Instruction ID: 3e2d39698482431cf4b746be8403104f5351a144342d7348ac086429aa9d0549
• Opcode Fuzzy Hash: 52df6c5e1d9a4fc8945e26797e71396170142dcb5fd055686b4927090a6ada15
• Instruction Fuzzy Hash: 18911871D00219EFCB14DFA9C888AEEBBB9FF49320F28455AE515B7251D374AA41CF60
APIs
• VariantInit.OLEAUT32(?), ref: 001F396B
• CharUpperBuffW.USER32(?,?), ref: 001F3A7A
• _wcslen.LIBCMT ref: 001F3A8A
• VariantClear.OLEAUT32(?), ref: 001F3C1F
  • Part of subcall function 001E0CDF: VariantInit.OLEAUT32(00000000), ref: 001E0D1F
  • Part of subcall function 001E0CDF: VariantCopy.OLEAUT32(?,?), ref: 001E0D28
  • Part of subcall function 001E0CDF: VariantClear.OLEAUT32(?), ref: 001E0D34
Strings
Memory Dump Source
• Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
• Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID: Variant$ClearInit$BuffCharCopyUpper_wcslen
                                                                                                                                                                                                                                                                                                                                                                                        • String ID: AUTOIT.ERROR$Incorrect Parameter format
                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 4137639002-1221869570
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 74efbe1e5afc11123a1bc8030475e35f06b47b0af9a504b4bf190492f1cd502c
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: cdd7e4b7078e30b84cc5a0da135e9d0f77528fd6c95bed537e516ee9f64dfca6
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 74efbe1e5afc11123a1bc8030475e35f06b47b0af9a504b4bf190492f1cd502c
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 489178746083099FCB04EF24C49196AB7E4FF98314F14892EF99A9B351DB31EE45CB92
                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 001D000E: CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,001CFF41,80070057,?,?,?,001D035E), ref: 001D002B
                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 001D000E: ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,001CFF41,80070057,?,?), ref: 001D0046
                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 001D000E: lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,001CFF41,80070057,?,?), ref: 001D0054
                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 001D000E: CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,001CFF41,80070057,?), ref: 001D0064
                                                                                                                                                                                                                                                                                                                                                                                        • CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000002,00000003,00000000,00000000,00000000,00000001,?,?), ref: 001F4C51
                                                                                                                                                                                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 001F4D59
                                                                                                                                                                                                                                                                                                                                                                                        • CoCreateInstanceEx.OLE32(?,00000000,00000015,?,00000001,?), ref: 001F4DCF
                                                                                                                                                                                                                                                                                                                                                                                        • CoTaskMemFree.OLE32(?), ref: 001F4DDA
Strings
Memory Dump Source
• Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
• Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID: FreeFromProgTask$CreateInitializeInstanceSecurity_wcslenlstrcmpi
• String ID: NULL Pointer assignment
• API String ID: 614568839-2785691316
• Opcode ID: 3f635093f4b32361b55a7f918ad3460ed119b41e3624cdf73bb6f43eadf0b5e7
• Instruction ID: 9265d0c79887e73b2dc1808ad4871ed15890b42820fa0881d5723e45854ef96f
• Opcode Fuzzy Hash: 3f635093f4b32361b55a7f918ad3460ed119b41e3624cdf73bb6f43eadf0b5e7
• Instruction Fuzzy Hash: C9912871D0021DAFDF15DFA4D881AEEB7B8BF18314F10816AE919AB251EB349A44CF60
APIs
• GetMenu.USER32(?), ref: 00202183
• GetMenuItemCount.USER32(00000000), ref: 002021B5
• GetMenuStringW.USER32(00000000,00000000,?,00007FFF,00000400), ref: 002021DD
• _wcslen.LIBCMT ref: 00202213
• GetMenuItemID.USER32(?,?), ref: 0020224D
• GetSubMenu.USER32(?,?), ref: 0020225B
  • Part of subcall function 001D3A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 001D3A57
  • Part of subcall function 001D3A3D: GetCurrentThreadId.KERNEL32 ref: 001D3A5E
  • Part of subcall function 001D3A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,001D25B3), ref: 001D3A65
• PostMessageW.USER32(?,00000111,00000000,00000000), ref: 002022E3
  • Part of subcall function 001DE97B: Sleep.KERNEL32 ref: 001DE9F3
Memory Dump Source
• Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
• Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID: Menu$Thread$Item$AttachCountCurrentInputMessagePostProcessSleepStringWindow_wcslen
• String ID:
• API String ID: 4196846111-0
• Opcode ID: dbd008f6194233044d9597f323146622f0e962191c16a3ebc14febdbfc99cfb3
• Instruction ID: 75634f17e94d5052e6b3e1f52da0ec8839bbe2b14c190ef8104e7d4618442e31
• Opcode Fuzzy Hash: dbd008f6194233044d9597f323146622f0e962191c16a3ebc14febdbfc99cfb3
• Instruction Fuzzy Hash: 05717075A10305EFCB14DFA4C849AAEB7F5EF48310F14845AE81AEB382D774AE458B90
APIs
• IsWindow.USER32(00D06D78), ref: 00207F37
• IsWindowEnabled.USER32(00D06D78), ref: 00207F43
• SendMessageW.USER32(00000000,0000041C,00000000,00000000), ref: 0020801E
• SendMessageW.USER32(00D06D78,000000B0,?,?), ref: 00208051
• IsDlgButtonChecked.USER32(?,?), ref: 00208089
• GetWindowLongW.USER32(00D06D78,000000EC), ref: 002080AB
• SendMessageW.USER32(?,000000A1,00000002,00000000), ref: 002080C3
Memory Dump Source
• Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
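The API records above are only useful to a triager once the raw hex arguments are read back as named constants: the CoInitializeSecurity/CoCreateInstanceEx record is the COM/WMI bootstrap the report's "Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)" signature refers to, and the GetMenu/AttachThreadInput/PostMessageW record is synthetic menu selection in another process's window. The following Python is an added example, not code from Joe Sandbox or from the analysed sample. It parses trace lines in the shape shown on this page and decodes the arguments whose meaning is fixed by the Windows SDK (CLSCTX_* bits, RPC_C_AUTHN_LEVEL_* and RPC_C_IMP_LEVEL_* values, WM_COMMAND, WM_NCLBUTTONDOWN with HTCAPTION, EM_GETSEL); the sample input is constructed from entries on this page, and the argument positions it decodes are the documented parameter orders of those APIs. Constants not in the tables (for example message 0x41C) are left as raw hex rather than guessed.

```python
"""Parse Joe Sandbox per-function API-trace lines and decode the constants they carry."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample in the shape the report uses; the lines mirror entries on this page.
SAMPLE = """\
• CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000002,00000003,00000000,00000000,00000000,00000001,?,?), ref: 001F4C51
• CoCreateInstanceEx.OLE32(?,00000000,00000015,?,00000001,?), ref: 001F4DCF
  • Part of subcall function 001D3A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,001D25B3), ref: 001D3A65
• PostMessageW.USER32(?,00000111,00000000,00000000), ref: 002022E3
• SendMessageW.USER32(?,000000A1,00000002,00000000), ref: 002080C3
• _wcslen.LIBCMT ref: 001F4D59
"""

# "• [Part of subcall function XXXX: ]Func.MODULE(args), ref: ADDR"  (args are optional)
LINE_RE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+):\s*)?"
    r"(?P<func>[A-Za-z_][A-Za-z0-9_]*)\.(?P<mod>[A-Za-z0-9_]+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)

# Windows SDK constants (values are the documented ones; table is deliberately partial).
WM = {0x0111: "WM_COMMAND", 0x00A1: "WM_NCLBUTTONDOWN", 0x00B0: "EM_GETSEL"}
HITTEST = {2: "HTCAPTION"}
CLSCTX = [(0x1, "CLSCTX_INPROC_SERVER"), (0x4, "CLSCTX_LOCAL_SERVER"), (0x10, "CLSCTX_REMOTE_SERVER")]
AUTHN = {0: "DEFAULT", 1: "NONE", 2: "CONNECT", 3: "CALL", 4: "PKT", 5: "PKT_INTEGRITY", 6: "PKT_PRIVACY"}
IMP = {0: "DEFAULT", 1: "ANONYMOUS", 2: "IDENTIFY", 3: "IMPERSONATE", 4: "DELEGATE"}


@dataclass
class ApiCall:
    func: str
    module: str
    args: List[Optional[int]]   # None where the sandbox printed '?'
    ref: int
    subcall_of: Optional[int] = None


def parse_arg(tok: str) -> Optional[int]:
    """'?' means unresolved; hex values may carry a leading '-' (e.g. -C000001E)."""
    tok = tok.strip()
    if tok == "?":
        return None
    return -int(tok[1:], 16) if tok.startswith("-") else int(tok, 16)


def parse_trace(text: str) -> List[ApiCall]:
    calls: List[ApiCall] = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # labels such as "APIs" / "Memory Dump Source" are not calls
        args_str = m.group("args")
        args = [parse_arg(a) for a in args_str.split(",")] if args_str else []
        sub = m.group("sub")
        calls.append(ApiCall(m.group("func"), m.group("mod"), args,
                             int(m.group("ref"), 16), int(sub, 16) if sub else None))
    return calls


def decode(call: ApiCall) -> str:
    """Render a call with its known constants named; unknown values stay as hex."""
    a = call.args
    if call.func in ("SendMessageW", "PostMessageW") and len(a) > 1 and a[1] is not None:
        text = f"{call.func}: {WM.get(a[1], f'0x{a[1]:X}')}"
        if a[1] == 0x00A1 and len(a) > 2 and a[2] in HITTEST:
            text += f" wParam={HITTEST[a[2]]}"   # HTCAPTION: acts like a title-bar click
        return text
    if call.func == "CoCreateInstanceEx" and len(a) > 2 and a[2] is not None:
        return "CoCreateInstanceEx: dwClsCtx=" + "|".join(n for bit, n in CLSCTX if a[2] & bit)
    if call.func == "CoInitializeSecurity" and len(a) > 5 and a[4] is not None and a[5] is not None:
        return (f"CoInitializeSecurity: authn=RPC_C_AUTHN_LEVEL_{AUTHN.get(a[4], a[4])} "
                f"imp=RPC_C_IMP_LEVEL_{IMP.get(a[5], a[5])}")
    return f"{call.func}.{call.module}"


def flag_chains(calls: List[ApiCall]) -> List[str]:
    """Triage heuristics over one function's trace (my labels, not Joe Sandbox signatures)."""
    names = {c.func for c in calls}
    found = []
    if {"CoInitializeSecurity", "CoCreateInstanceEx"} <= names:
        found.append("COM instantiation after explicit security init (WMI-style bootstrap)")
    if "AttachThreadInput" in names and any(
            c.func == "PostMessageW" and len(c.args) > 1 and c.args[1] == 0x0111 for c in calls):
        found.append("AttachThreadInput + WM_COMMAND: synthetic menu/command selection in a foreign window")
    return found


if __name__ == "__main__":
    parsed = parse_trace(SAMPLE)
    for c in parsed:
        print(f"{c.ref:08X}  {decode(c)}")
    for note in flag_chains(parsed):
        print("flag:", note)
```

The decoder reports only what the argument position plus a documented constant determines; the `-1`/`000000FF` rendering of cAuthSvc in the CoInitializeSecurity line, and the `000000EC` shown for GetWindowLongW, are left alone because the report's own printing of those values is ambiguous.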
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_170000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                        • API ID: MessageSendWindow$ButtonCheckedEnabledLong
                                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 4072528602-0
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 94be410c8b13d487820ececd3352d17ec2bf7e509ce22af948273293965d703c
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 10946539d89d87339ff17abdd2b22df21bb672fd2f2617315d3d232212e5e186
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 94be410c8b13d487820ececd3352d17ec2bf7e509ce22af948273293965d703c
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 07719374918306AFEF259F54C888FAA7BB9EF59300F144459E945972D2CB31B865CB10
APIs
• GetParent.USER32(?), ref: 001DAEF9
• GetKeyboardState.USER32(?), ref: 001DAF0E
• SetKeyboardState.USER32(?), ref: 001DAF6F
• PostMessageW.USER32(?,00000101,00000010,?), ref: 001DAF9D
• PostMessageW.USER32(?,00000101,00000011,?), ref: 001DAFBC
• PostMessageW.USER32(?,00000101,00000012,?), ref: 001DAFFD
• PostMessageW.USER32(?,00000101,0000005B,?), ref: 001DB020
Memory Dump Source
• Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
• Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID: MessagePost$KeyboardState$Parent
• String ID:
• API String ID: 87235514-0
• Opcode ID: 9d81abe34fe08fc3ac2aa98da682fb15c15679beb5d2f9aff4bb35f923b77482
• Instruction ID: f1df6970d18b585485ffcb2c7c79a066827b15b7da52802db04e36f68f44d7ad
• Opcode Fuzzy Hash: 9d81abe34fe08fc3ac2aa98da682fb15c15679beb5d2f9aff4bb35f923b77482
• Instruction Fuzzy Hash: 7151C1A16087D57DFB3683348885BBFBEA95F06304F08858AF1DA459C2C399ADC8D751
APIs
• GetParent.USER32(00000000), ref: 001DAD19
• GetKeyboardState.USER32(?), ref: 001DAD2E
• SetKeyboardState.USER32(?), ref: 001DAD8F
• PostMessageW.USER32(00000000,00000100,00000010,?), ref: 001DADBB
• PostMessageW.USER32(00000000,00000100,00000011,?), ref: 001DADD8
• PostMessageW.USER32(00000000,00000100,00000012,?), ref: 001DAE17
• PostMessageW.USER32(00000000,00000100,0000005B,?), ref: 001DAE38
Memory Dump Source
• Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
• Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID: MessagePost$KeyboardState$Parent
• String ID:
• API String ID: 87235514-0
• Opcode ID: 1e508d7152749728964dc15e83748c47ad9c0d12c59ab123c0d4e749ebd317a9
• Instruction ID: f0bc265958d987a7f72c43725fd55ab9eb5f844da26beb067a04516d116eee6a
• Opcode Fuzzy Hash: 1e508d7152749728964dc15e83748c47ad9c0d12c59ab123c0d4e749ebd317a9
• Instruction Fuzzy Hash: 255104A15087D53DFB36C3748C95B7ABFA95F46300F48858AE1D546AC3C394EC88E762
APIs
• GetConsoleCP.KERNEL32(001B3CD6,?,?,?,?,?,?,?,?,001A5BA3,?,?,001B3CD6,?,?), ref: 001A5470
• __fassign.LIBCMT ref: 001A54EB
• __fassign.LIBCMT ref: 001A5506
• WideCharToMultiByte.KERNEL32(?,00000000,?,00000001,001B3CD6,00000005,00000000,00000000), ref: 001A552C
• WriteFile.KERNEL32(?,001B3CD6,00000000,001A5BA3,00000000,?,?,?,?,?,?,?,?,?,001A5BA3,?), ref: 001A554B
• WriteFile.KERNEL32(?,?,00000001,001A5BA3,00000000,?,?,?,?,?,?,?,?,?,001A5BA3,?), ref: 001A5584
Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_170000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                        • API ID: FileWrite__fassign$ByteCharConsoleMultiWide
                                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 1324828854-0
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: f5d40dbeec0bb8a00e2ea8e1d17e5a8b978946fb2888088496293532d1d245d0
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 77fd8e4a1b435cbcfaff8ff3f78035fa704ffde0c6fa13dec5975a47a750bae9
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: f5d40dbeec0bb8a00e2ea8e1d17e5a8b978946fb2888088496293532d1d245d0
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2A51A4B5D046499FDB10CFA8D885AEEBBFAEF0A300F14415AF955E7291D7309A41CB60
APIs
• _ValidateLocalCookies.LIBCMT ref: 00192D4B
• ___except_validate_context_record.LIBVCRUNTIME ref: 00192D53
• _ValidateLocalCookies.LIBCMT ref: 00192DE1
• __IsNonwritableInCurrentImage.LIBCMT ref: 00192E0C
• _ValidateLocalCookies.LIBCMT ref: 00192E61
Strings
Memory Dump Source
• Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
• Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
• String ID: csm
• API String ID: 1170836740-1018135373
• Opcode ID: c05c003296890805b4162a8d0afa1cc4f74f086cbb25feb2a38d3d438853c942
• Instruction ID: f58b99823fd5b488740eb0d823ba48eb615ad1c9caaaeaf10e82859437dfc2b7
• Opcode Fuzzy Hash: c05c003296890805b4162a8d0afa1cc4f74f086cbb25feb2a38d3d438853c942
• Instruction Fuzzy Hash: 5A41CF34E01209BBCF14DFA8C885A9EBBF5BF55324F148155E814AB392D771AE12CBD0
APIs
  • Part of subcall function 001F304E: inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 001F307A
  • Part of subcall function 001F304E: _wcslen.LIBCMT ref: 001F309B
• socket.WSOCK32(00000002,00000001,00000006,?,?,00000000), ref: 001F1112
• WSAGetLastError.WSOCK32 ref: 001F1121
• WSAGetLastError.WSOCK32 ref: 001F11C9
• closesocket.WSOCK32(00000000), ref: 001F11F9
Memory Dump Source
• Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
• Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID: ErrorLast$_wcslenclosesocketinet_addrsocket
• String ID:
• API String ID: 2675159561-0
• Opcode ID: 535ac60cb25e4ebb97e525d1d9ab4a4341178ab423ea30460bb27b9d670dbb34
• Instruction ID: af2dd6e808040e3ec5942a1b5d78de3f8e14afbcead1d584c84c2c25c3d4fe62
• Opcode Fuzzy Hash: 535ac60cb25e4ebb97e525d1d9ab4a4341178ab423ea30460bb27b9d670dbb34
• Instruction Fuzzy Hash: A141D471604608EFDB109F24D888BB9B7E9EF45324F148159FE199B292C770AE41CBE1
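The API lists in these function records are the raw material for triage, and they are easier to work with once parsed. The following is an added example, not part of the Joe Sandbox report or its tooling: it parses records in this page's record layout into structured API calls, decodes the constant arguments of the socket() call listed above (00000002, 00000001, 00000006 are the Winsock values for AF_INET, SOCK_STREAM and IPPROTO_TCP), and tags each function with a coarse capability. The sample text is constructed from lines in the records on this page; the capability table is this example's own assumption, not a Joe Sandbox signature.

```python
"""Parse Joe Sandbox function records ('APIs' ... 'Similarity' blocks) into
structured API calls and tag each function with a coarse capability.

Added example, not part of the report. SAMPLE is constructed from lines in the
record layout shown on this page; CAPABILITY_TAGS is this example's own mapping.
"""
import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample in the report's record layout (two function records).
SAMPLE = """\
APIs
  • Part of subcall function 001F304E: inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 001F307A
• socket.WSOCK32(00000002,00000001,00000006,?,?,00000000), ref: 001F1112
• WSAGetLastError.WSOCK32 ref: 001F1121
• closesocket.WSOCK32(00000000), ref: 001F11F9
Similarity
• API ID: ErrorLast$_wcslenclosesocketinet_addrsocket
• String ID:
• API String ID: 2675159561-0
APIs
• MoveFileW.KERNEL32(?,?), ref: 001DCF7F
• SHFileOperationW.SHELL32(?), ref: 001DD061
"""

# One API line: optional "Part of subcall function XXXX:" prefix, then
# Name.MODULE, optional (args), then "ref: <address>".
API_LINE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+):\s*)?"
    r"(?P<name>\w+)\.(?P<module>\w+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)"
)
# Similarity fields such as "API ID:", "String ID:", "API String ID:".
FIELD_LINE = re.compile(r"^\s*•\s*(?P<key>[A-Za-z ]+ID):\s*(?P<val>.*)$")


@dataclass
class ApiCall:
    name: str
    module: str
    args: list
    ref: str
    subcall_of: Optional[str] = None  # address of the subcall the API belongs to


@dataclass
class Record:
    apis: list = field(default_factory=list)
    fields: dict = field(default_factory=dict)

    @property
    def api_id(self) -> str:
        return self.fields.get("API ID", "")


def parse_records(text: str) -> list:
    """Split report text into records, one per 'APIs' header."""
    records, current = [], None
    for line in text.splitlines():
        if line.strip() == "APIs":
            current = Record()
            records.append(current)
            continue
        if current is None:
            continue
        m = API_LINE.match(line)
        if m:
            raw = m.group("args")
            args = [a.strip() for a in raw.split(",")] if raw is not None else []
            current.apis.append(ApiCall(m.group("name"), m.group("module"),
                                        args, m.group("ref").upper(), m.group("sub")))
            continue
        m = FIELD_LINE.match(line)
        if m:
            current.fields[m.group("key").strip()] = m.group("val").strip()
    return records


# Winsock constants for the first three socket() arguments (af, type, protocol).
SOCKET_CONSTS = (
    ("af", {2: "AF_INET", 23: "AF_INET6"}),
    ("type", {1: "SOCK_STREAM", 2: "SOCK_DGRAM", 3: "SOCK_RAW"}),
    ("protocol", {6: "IPPROTO_TCP", 17: "IPPROTO_UDP"}),
)


def decode_socket(call: ApiCall) -> dict:
    """Name the hex constants of a socket() call; '?' means the value was not recovered."""
    if call.name != "socket":
        raise ValueError("not a socket() call")
    out = {}
    for (label, table), raw in zip(SOCKET_CONSTS, call.args):
        if raw == "?":
            out[label] = "?"
        else:
            value = int(raw, 16)
            out[label] = table.get(value, f"0x{value:X}")
    return out


# Assumed capability mapping for triage; extend as needed.
CAPABILITY_TAGS = {
    "network": {"socket", "connect", "bind", "listen", "accept", "inet_addr", "closesocket"},
    "file-manipulation": {"MoveFileW", "SHFileOperationW", "DeleteFileW", "CopyFileW"},
}


def capabilities(record: Record) -> set:
    names = {c.name for c in record.apis}
    return {tag for tag, apis in CAPABILITY_TAGS.items() if names & apis}


if __name__ == "__main__":
    for rec in parse_records(SAMPLE):
        print(sorted(capabilities(rec)), [c.name for c in rec.apis])
        for c in rec.apis:
            if c.name == "socket":
                print("  socket():", decode_socket(c))
```

The decoder is deliberately strict about which argument positions it names, so a `?` (argument not recovered by the disassembler) is reported as unknown rather than guessed; the capability tags are a starting point for sorting a few hundred records, not a verdict.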
APIs
  • Part of subcall function 001DDDE0: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,001DCF22,?), ref: 001DDDFD
  • Part of subcall function 001DDDE0: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,001DCF22,?), ref: 001DDE16
• lstrcmpiW.KERNEL32(?,?), ref: 001DCF45
• MoveFileW.KERNEL32(?,?), ref: 001DCF7F
• _wcslen.LIBCMT ref: 001DD005
• _wcslen.LIBCMT ref: 001DD01B
• SHFileOperationW.SHELL32(?), ref: 001DD061
                                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_170000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                        • API ID: FileFullNamePath_wcslen$MoveOperationlstrcmpi
                                                                                                                                                                                                                                                                                                                                                                                        • String ID: \*.*
                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 3164238972-1173974218
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: fd5eebfc11b03fe388447335ed8360462d26c1f7a953895d89bbce3e8a7c3dd0
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 71c94d871f8da71699f100517b7902f7e985bca4ea84b8214f4aa1623203d956
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: fd5eebfc11b03fe388447335ed8360462d26c1f7a953895d89bbce3e8a7c3dd0
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2D4147B19452195FDF12EFA4DD81EDEB7B9AF18380F1004E7E509EB242EB34A648CB50
                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,000000F0,00000000,00000000), ref: 00202E1C
                                                                                                                                                                                                                                                                                                                                                                                        • GetWindowLongW.USER32(?,000000F0), ref: 00202E4F
                                                                                                                                                                                                                                                                                                                                                                                        • GetWindowLongW.USER32(?,000000F0), ref: 00202E84
                                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,000000F1,00000000,00000000), ref: 00202EB6
                                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,000000F1,00000001,00000000), ref: 00202EE0
                                                                                                                                                                                                                                                                                                                                                                                        • GetWindowLongW.USER32(?,000000F0), ref: 00202EF1
                                                                                                                                                                                                                                                                                                                                                                                        • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00202F0B
                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_170000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                        • API ID: LongWindow$MessageSend
                                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 2178440468-0
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 2491752fd4cd4c59e4d1e10a86320669628f4022a24c8f64aa2b21689ea528ca
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: e4b866644a65dae9e3552d9be54d118cb57c11a38a95f6ec6fbdb037f5d5ac04
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2491752fd4cd4c59e4d1e10a86320669628f4022a24c8f64aa2b21689ea528ca
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: DD310334694251EFDB218F58EC8CF6537A4EB8A750F240166FA049F2F3CB71B8A49B00
                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                        • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 001D7769
                                                                                                                                                                                                                                                                                                                                                                                        • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 001D778F
                                                                                                                                                                                                                                                                                                                                                                                        • SysAllocString.OLEAUT32(00000000), ref: 001D7792
                                                                                                                                                                                                                                                                                                                                                                                        • SysAllocString.OLEAUT32(?), ref: 001D77B0
                                                                                                                                                                                                                                                                                                                                                                                        • SysFreeString.OLEAUT32(?), ref: 001D77B9
                                                                                                                                                                                                                                                                                                                                                                                        • StringFromGUID2.OLE32(?,?,00000028), ref: 001D77DE
                                                                                                                                                                                                                                                                                                                                                                                        • SysAllocString.OLEAUT32(?), ref: 001D77EC
                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_170000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                        • API ID: String$Alloc$ByteCharMultiWide$FreeFrom
                                                                                                                                                                                                                                                                                                                                                                                        • String ID:
• API String ID: 3761583154-0
• Opcode ID: 395506ca3642b267d3a6ebeb32c614b043513179c44b4584339767efe8b2ceec
• Instruction ID: d8eefecca421e024ee9d858062f314e217fbf866399d39303d83c26255a4d046
• Opcode Fuzzy Hash: 395506ca3642b267d3a6ebeb32c614b043513179c44b4584339767efe8b2ceec
• Instruction Fuzzy Hash: F021B276604219AFDB10EFA8DC8CCBB73ACFB093647108526FA04DB291E770DC418B60
APIs
• MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 001D7842
• MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 001D7868
• SysAllocString.OLEAUT32(00000000), ref: 001D786B
• SysAllocString.OLEAUT32 ref: 001D788C
• SysFreeString.OLEAUT32 ref: 001D7895
• StringFromGUID2.OLE32(?,?,00000028), ref: 001D78AF
• SysAllocString.OLEAUT32(?), ref: 001D78BD
Memory Dump Source
• Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
• Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID: String$Alloc$ByteCharMultiWide$FreeFrom
• String ID:
• API String ID: 3761583154-0
• Opcode ID: dd5d0afd71a2b1795c9e173f5bbab9812db35265681738dd0f3936a36b2b7701
• Instruction ID: 4f1274e517242a44edfa962aca949f52816cdff4ba271c53393357f47c7949de
• Opcode Fuzzy Hash: dd5d0afd71a2b1795c9e173f5bbab9812db35265681738dd0f3936a36b2b7701
• Instruction Fuzzy Hash: 71214F75608204AFDB10AFA8DC8DDAA77ECFB097607118126F915CB2E1EB74DC41DB64
APIs
• GetStdHandle.KERNEL32(0000000C), ref: 001E04F2
• CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 001E052E
Strings
Similarity
• API ID: CreateHandlePipe
• String ID: nul
• API String ID: 1424370930-2873401336
• Opcode ID: 627d5ab0f9702b60c65d76385cc09a34b1d796bd9e6414f56e08fdee75a39eb3
• Instruction ID: 97ff86203e82863111fc62f4295cff1b7a3a098632d3b857abc8ba214aca15dd
• Opcode Fuzzy Hash: 627d5ab0f9702b60c65d76385cc09a34b1d796bd9e6414f56e08fdee75a39eb3
• Instruction Fuzzy Hash: 7E2180B1500745AFDB219F2ADC08A9E77B4BF49724F244A19F8A1D62E0D7B0D980CF20
APIs
• GetStdHandle.KERNEL32(000000F6), ref: 001E05C6
• CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 001E0601
Strings
Similarity
• API ID: CreateHandlePipe
• String ID: nul
• API String ID: 1424370930-2873401336
• Opcode ID: 2c76623f7d72858151ed54319085af684491d23c6dddd005b969745cdc46006b
• Instruction ID: 3c98e56fe565d6e5e972642c8c673aad224d888197545d68bb7f3a42cbce4d4d
• Opcode Fuzzy Hash: 2c76623f7d72858151ed54319085af684491d23c6dddd005b969745cdc46006b
• Instruction Fuzzy Hash: 0A2171755007459FDB219F6A9C04B5E77E4BF9D720F244B19F8A1E72E0D7B098A1CB10
APIs
  • Part of subcall function 0017600E: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 0017604C
  • Part of subcall function 0017600E: GetStockObject.GDI32(00000011), ref: 00176060
  • Part of subcall function 0017600E: SendMessageW.USER32(00000000,00000030,00000000), ref: 0017606A
• SendMessageW.USER32(00000000,00002001,00000000,FF000000), ref: 00204112
• SendMessageW.USER32(?,00000409,00000000,FF000000), ref: 0020411F
• SendMessageW.USER32(?,00000402,00000000,00000000), ref: 0020412A
• SendMessageW.USER32(?,00000401,00000000,00640000), ref: 00204139
• SendMessageW.USER32(?,00000404,00000001,00000000), ref: 00204145
Strings
Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_170000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                        • API ID: MessageSend$CreateObjectStockWindow
                                                                                                                                                                                                                                                                                                                                                                                        • String ID: Msctls_Progress32
                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 1025951953-3636473452
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 2c06360159c39fc9ec66640c465df212b016c4952eb18b49b5de2c169c94f767
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 82ff81d4511e04f955a88961e6eeb51b11b4d6f26eabce0e3179ef7cfe078592
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2c06360159c39fc9ec66640c465df212b016c4952eb18b49b5de2c169c94f767
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1011B6B215021DBEEF119F64CC85EE77F6DEF09798F008110B718A2091CB729C61DBA4
APIs
  • Part of subcall function 001AD7A3: _free.LIBCMT ref: 001AD7CC
• _free.LIBCMT ref: 001AD82D
  • Part of subcall function 001A29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,001AD7D1,00000000,00000000,00000000,00000000,?,001AD7F8,00000000,00000007,00000000,?,001ADBF5,00000000), ref: 001A29DE
  • Part of subcall function 001A29C8: GetLastError.KERNEL32(00000000,?,001AD7D1,00000000,00000000,00000000,00000000,?,001AD7F8,00000000,00000007,00000000,?,001ADBF5,00000000,00000000), ref: 001A29F0
• _free.LIBCMT ref: 001AD838
• _free.LIBCMT ref: 001AD843
• _free.LIBCMT ref: 001AD897
• _free.LIBCMT ref: 001AD8A2
• _free.LIBCMT ref: 001AD8AD
• _free.LIBCMT ref: 001AD8B8
Memory Dump Source
• Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
• Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID: _free$ErrorFreeHeapLast
• String ID:
• API String ID: 776569668-0
• Opcode ID: d5e9bbcb1dbdafe4c8d3bd98f36014f41f46dc5d4a3df644b036f3c2391e0fc8
• Instruction ID: bc3552315721127901d1960116a5ab5cc1711b018583edef86f9b4f3b920ad34
• Opcode Fuzzy Hash: d5e9bbcb1dbdafe4c8d3bd98f36014f41f46dc5d4a3df644b036f3c2391e0fc8
• Instruction Fuzzy Hash: D3118E75540F14AAD621BFF0DC07FDB7BDCAF22B04F400825F29AA68A2DB34B5058662
APIs
• GetModuleHandleW.KERNEL32(00000000,?,?,00000100,00000000), ref: 001DDA74
• LoadStringW.USER32(00000000), ref: 001DDA7B
• GetModuleHandleW.KERNEL32(00000000,00001389,?,00000100), ref: 001DDA91
• LoadStringW.USER32(00000000), ref: 001DDA98
• MessageBoxW.USER32(00000000,?,?,00011010), ref: 001DDADC
Strings
• %s (%d) : ==> %s: %s %s, xrefs: 001DDAB9
Memory Dump Source
• Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
• Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID: HandleLoadModuleString$Message
• String ID: %s (%d) : ==> %s: %s %s
• API String ID: 4072794657-3128320259
• Opcode ID: f927f779ae63dc0b50b2ac0f0a86c6dd097cf99b10d79406497dca1665307863
• Instruction ID: 67e6c5f6196f1952bebde80e699116076d74412b47dc98b08e421a99db6c5e1f
• Opcode Fuzzy Hash: f927f779ae63dc0b50b2ac0f0a86c6dd097cf99b10d79406497dca1665307863
• Instruction Fuzzy Hash: F50186F69003087FE7109BA4ED8DEE7736CE708301F504592B706E2182E6749E844F74
                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                        • InterlockedExchange.KERNEL32(00CFF1B0,00CFF1B0), ref: 001E097B
                                                                                                                                                                                                                                                                                                                                                                                        • EnterCriticalSection.KERNEL32(00CFF190,00000000), ref: 001E098D
                                                                                                                                                                                                                                                                                                                                                                                        • TerminateThread.KERNEL32(?,000001F6), ref: 001E099B
                                                                                                                                                                                                                                                                                                                                                                                        • WaitForSingleObject.KERNEL32(?,000003E8), ref: 001E09A9
                                                                                                                                                                                                                                                                                                                                                                                        • CloseHandle.KERNEL32(?), ref: 001E09B8
                                                                                                                                                                                                                                                                                                                                                                                        • InterlockedExchange.KERNEL32(00CFF1B0,000001F6), ref: 001E09C8
                                                                                                                                                                                                                                                                                                                                                                                        • LeaveCriticalSection.KERNEL32(00CFF190), ref: 001E09CF
                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_170000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                        • API ID: CriticalExchangeInterlockedSection$CloseEnterHandleLeaveObjectSingleTerminateThreadWait
                                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 3495660284-0
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: fa885fa4c4ec4f4818b3338f43bdbf86a9b8c2152cc75bc0b49d65c88278df86
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 87c50a26374dfb13bcf15fcdc0df98ee0ad4c94bed0b9c291729dea9f88e9066
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: fa885fa4c4ec4f4818b3338f43bdbf86a9b8c2152cc75bc0b49d65c88278df86
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: FEF01D71442A02AFD7426F94EE8CADABA25BF05702F501225F10150CA2C7749465CF90
                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                        • GetClientRect.USER32(?,?), ref: 00175D30
                                                                                                                                                                                                                                                                                                                                                                                        • GetWindowRect.USER32(?,?), ref: 00175D71
                                                                                                                                                                                                                                                                                                                                                                                        • ScreenToClient.USER32(?,?), ref: 00175D99
                                                                                                                                                                                                                                                                                                                                                                                        • GetClientRect.USER32(?,?), ref: 00175ED7
                                                                                                                                                                                                                                                                                                                                                                                        • GetWindowRect.USER32(?,?), ref: 00175EF8
                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_170000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                        • API ID: Rect$Client$Window$Screen
                                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 1296646539-0
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: ba1003d79357295755c0789bb44f16191a7bfcc9505703f99a3e60fe1a3c0936
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: dd93a61fb3cb19723b7bd92c4542ead43ad6f68d904abca391d1dfb0eeaf9bd8
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ba1003d79357295755c0789bb44f16191a7bfcc9505703f99a3e60fe1a3c0936
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0AB15774A00B4ADBDB14CFA9C4807EAB7F2FF48310F14C51AE8A9D7250DB70AA51DB54
                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                        • __allrem.LIBCMT ref: 001A00BA
                                                                                                                                                                                                                                                                                                                                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 001A00D6
                                                                                                                                                                                                                                                                                                                                                                                        • __allrem.LIBCMT ref: 001A00ED
                                                                                                                                                                                                                                                                                                                                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 001A010B
                                                                                                                                                                                                                                                                                                                                                                                        • __allrem.LIBCMT ref: 001A0122
                                                                                                                                                                                                                                                                                                                                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 001A0140
                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_170000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                        • API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@
                                                                                                                                                                                                                                                                                                                                                                                        • String ID:
• API String ID: 1992179935-0
• Opcode ID: c0aa086816e9a6b10c8594d9af3fc1b6618250ddc70608c46d0048b3e4fbc764
• Instruction ID: 2ed0f818a7eb7ace303a13b8604445a64100d64655ef190365d21577ca3f9a02
• Opcode Fuzzy Hash: c0aa086816e9a6b10c8594d9af3fc1b6618250ddc70608c46d0048b3e4fbc764
• Instruction Fuzzy Hash: C981297AA00706AFEB259F78CC81BAB73E8AF56364F25413EF511D7281E770D9418B90
APIs
  • Part of subcall function 001F3149: select.WSOCK32(00000000,?,00000000,00000000,?,?,?,00000000,?,?,?,001F101C,00000000,?,?,00000000), ref: 001F3195
• __WSAFDIsSet.WSOCK32(00000000,?,00000000,00000000,?,00000064,00000000), ref: 001F1DC0
• #17.WSOCK32(00000000,?,?,00000000,?,00000010), ref: 001F1DE1
• WSAGetLastError.WSOCK32 ref: 001F1DF2
• inet_ntoa.WSOCK32(?), ref: 001F1E8C
• htons.WSOCK32(?,?,?,?,?), ref: 001F1EDB
• _strlen.LIBCMT ref: 001F1F35
  • Part of subcall function 001D39E8: _strlen.LIBCMT ref: 001D39F2
  • Part of subcall function 00176D9E: MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,00000000,00000002,?,?,?,?,0018CF58,?,?,?), ref: 00176DBA
  • Part of subcall function 00176D9E: MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,?,?,?,0018CF58,?,?,?), ref: 00176DED
Memory Dump Source
• Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
• Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID: ByteCharMultiWide_strlen$ErrorLasthtonsinet_ntoaselect
• String ID:
• API String ID: 1923757996-0
• Opcode ID: 31c0ee3582adac5c5542d822225190e9edf70b16d2ea71c48f62248f416ba36d
• Instruction ID: 90f8cdc0ad3181365588bbcaf65fcb5fc3a287123afe7c7c482f314239f7366c
• Opcode Fuzzy Hash: 31c0ee3582adac5c5542d822225190e9edf70b16d2ea71c48f62248f416ba36d
• Instruction Fuzzy Hash: 97A1BF71104344AFC324EF24C895F3A77B5AF94318F54894CF55A5B2A2DB31EE46CB92
APIs
• MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,001982D9,001982D9,?,?,?,001A644F,00000001,00000001,8BE85006), ref: 001A6258
• MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,001A644F,00000001,00000001,8BE85006,?,?,?), ref: 001A62DE
• WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,8BE85006,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 001A63D8
• __freea.LIBCMT ref: 001A63E5
  • Part of subcall function 001A3820: RtlAllocateHeap.NTDLL(00000000,?,00241444,?,0018FDF5,?,?,0017A976,00000010,00241440,001713FC,?,001713C6,?,00171129), ref: 001A3852
• __freea.LIBCMT ref: 001A63EE
• __freea.LIBCMT ref: 001A6413
Memory Dump Source
• Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
• Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID: ByteCharMultiWide__freea$AllocateHeap
• String ID:
• API String ID: 1414292761-0
• Opcode ID: 3b76d508b718176744534df1376d0a3438830aa2ce1c92899fd781bb162b619b
• Instruction ID: b1ef66a5d694b8c6d7ce361263cc32e7be0d75a458eda6cc87cee635af8243ab
• Opcode Fuzzy Hash: 3b76d508b718176744534df1376d0a3438830aa2ce1c92899fd781bb162b619b
• Instruction Fuzzy Hash: 6251D0B6A00216AFDF258F64DC81FAF77AAEF56710F194629FC09D6180EB34DC45C6A0
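The per-function "APIs" lists above (direct calls, "Part of subcall function" entries, ordinal imports such as "#17.WSOCK32", and the "ref:" addresses) are what an analyst pivots on when triaging a report like this one. The following parser is an added example, not part of the Joe Sandbox report or its IDA plugin output; it works on a constructed copy of the Winsock receive routine's API lines from above and turns them into records that can be filtered by module, by direct-versus-subcall origin, and by ordinal-only imports that still need resolving against the DLL export table.

```python
import re
from collections import Counter
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample input: the API lines of one function, in the layout the
# report uses ("•" bullets, optional "Part of subcall function XXXX:" prefix,
# optional argument list, then "ref: <address>").
SAMPLE_BLOCK = """\
APIs
  • Part of subcall function 001F3149: select.WSOCK32(00000000,?,00000000,00000000,?,?,?,00000000,?,?,?,001F101C,00000000,?,?,00000000), ref: 001F3195
• __WSAFDIsSet.WSOCK32(00000000,?,00000000,00000000,?,00000064,00000000), ref: 001F1DC0
• #17.WSOCK32(00000000,?,?,00000000,?,00000010), ref: 001F1DE1
• WSAGetLastError.WSOCK32 ref: 001F1DF2
• inet_ntoa.WSOCK32(?), ref: 001F1E8C
• htons.WSOCK32(?,?,?,?,?), ref: 001F1EDB
• _strlen.LIBCMT ref: 001F1F35
  • Part of subcall function 001D39E8: _strlen.LIBCMT ref: 001D39F2
Memory Dump Source
"""

# One API line. "#17" style names are ordinal imports; "?" arguments are values
# the sandbox could not recover statically.
API_LINE = re.compile(
    r"^\s*•\s*"
    r"(?:Part of subcall function (?P<subcall>[0-9A-Fa-f]+):\s*)?"
    r"(?P<func>[#\w]+)\.(?P<module>[A-Za-z0-9_]+)"
    r"(?:\((?P<args>[^)]*)\))?"
    r",?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)


@dataclass
class ApiCall:
    func: str                      # exported name, or "#<ordinal>"
    module: str                    # DLL / CRT library as printed in the report
    ref: str                       # address of the call site
    args: List[str] = field(default_factory=list)
    subcall: Optional[str] = None  # address of the callee when the call is indirect


def parse_api_lines(text: str) -> List[ApiCall]:
    """Parse every API bullet in a block; header lines are ignored."""
    calls = []
    for line in text.splitlines():
        m = API_LINE.match(line)
        if not m:
            continue
        raw_args = m.group("args")
        args = raw_args.split(",") if raw_args else []
        calls.append(ApiCall(m.group("func"), m.group("module"),
                             m.group("ref"), args, m.group("subcall")))
    return calls


def direct_sequence(calls: List[ApiCall]) -> List[str]:
    """Calls made by the function itself, in report order (subcalls excluded)."""
    return [c.func for c in calls if c.subcall is None]


def modules_used(calls: List[ApiCall]) -> Counter:
    """How many direct calls land in each module; a quick import-profile view."""
    return Counter(c.module for c in calls if c.subcall is None)


def is_ordinal(call: ApiCall) -> bool:
    """True for "#N" imports. Resolve N against the DLL's export table before
    naming it; do not guess the function from the ordinal alone."""
    return call.func.startswith("#")


def known_args(call: ApiCall) -> List[str]:
    """Arguments the sandbox recovered as constants (drops the "?" placeholders)."""
    return [a for a in call.args if a != "?"]


if __name__ == "__main__":
    parsed = parse_api_lines(SAMPLE_BLOCK)
    print("direct sequence:", " -> ".join(direct_sequence(parsed)))
    print("modules:", dict(modules_used(parsed)))
    print("unresolved ordinals:", [f"{c.func}.{c.module}@{c.ref}" for c in parsed if is_ordinal(c)])
```

The direct sequence (select in a subcall, then __WSAFDIsSet, an ordinal-17 WSOCK32 call, WSAGetLastError, inet_ntoa, htons) is the shape of a socket receive loop that formats the peer address afterwards; the parser only exposes that ordering, the interpretation is the analyst's.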
APIs
  • Part of subcall function 00179CB3: _wcslen.LIBCMT ref: 00179CBD
  • Part of subcall function 001FC998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,001FB6AE,?,?), ref: 001FC9B5
  • Part of subcall function 001FC998: _wcslen.LIBCMT ref: 001FC9F1
  • Part of subcall function 001FC998: _wcslen.LIBCMT ref: 001FCA68
  • Part of subcall function 001FC998: _wcslen.LIBCMT ref: 001FCA9E
• RegConnectRegistryW.ADVAPI32(?,?,?), ref: 001FBCCA
• RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 001FBD25
• RegCloseKey.ADVAPI32(00000000), ref: 001FBD6A
• RegEnumValueW.ADVAPI32(?,-00000001,?,?,00000000,?,00000000,00000000), ref: 001FBD99
• RegCloseKey.ADVAPI32(?,?,00000000), ref: 001FBDF3
• RegCloseKey.ADVAPI32(?), ref: 001FBDFF
Memory Dump Source
• Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
• Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpperValue
                                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 1120388591-0
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 456c49a6faa6e0933cb09d456b2d92259bf4ecc820071705843533c677cd3fed
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 6d284029a8e13ce5a628f92366f0c980c9fa7ea03f062545eb9ee9ed2cd6051b
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 456c49a6faa6e0933cb09d456b2d92259bf4ecc820071705843533c677cd3fed
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: B0817970208245AFD714DF64C885E2ABBF5FF84348F14895CF6598B2A2DB32ED45CB92
                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                        • VariantInit.OLEAUT32(00000035), ref: 001CF7B9
                                                                                                                                                                                                                                                                                                                                                                                        • SysAllocString.OLEAUT32(00000001), ref: 001CF860
                                                                                                                                                                                                                                                                                                                                                                                        • VariantCopy.OLEAUT32(001CFA64,00000000), ref: 001CF889
                                                                                                                                                                                                                                                                                                                                                                                        • VariantClear.OLEAUT32(001CFA64), ref: 001CF8AD
                                                                                                                                                                                                                                                                                                                                                                                        • VariantCopy.OLEAUT32(001CFA64,00000000), ref: 001CF8B1
                                                                                                                                                                                                                                                                                                                                                                                        • VariantClear.OLEAUT32(?), ref: 001CF8BB
                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_170000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                        • API ID: Variant$ClearCopy$AllocInitString
                                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 3859894641-0
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 22377deef739da5fd0c5b8493eeb3ac44e2ada12d67b11efd201ab969a1a90f1
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 4038b1eb70d4cc94d9dbe577e07f33080164d2b3a34669020f716aba7d3991de
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 22377deef739da5fd0c5b8493eeb3ac44e2ada12d67b11efd201ab969a1a90f1
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: AB51C335600310ABCF14AB65D896F29B3A6AF65314B20946EF906DF292DB70CC46CB57
                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00177620: _wcslen.LIBCMT ref: 00177625
                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00176B57: _wcslen.LIBCMT ref: 00176B6A
                                                                                                                                                                                                                                                                                                                                                                                        • GetOpenFileNameW.COMDLG32(00000058), ref: 001E94E5
                                                                                                                                                                                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 001E9506
                                                                                                                                                                                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 001E952D
                                                                                                                                                                                                                                                                                                                                                                                        • GetSaveFileNameW.COMDLG32(00000058), ref: 001E9585
                                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_170000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                        • API ID: _wcslen$FileName$OpenSave
                                                                                                                                                                                                                                                                                                                                                                                        • String ID: X
                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 83654149-3081909835
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 864982ff529dc5087ee55ecc734532f2da7023cbb0666cec5c1259308b266b4a
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: df87ed8c8395d93b93483e6e00f2c24f02cc08e86f01a5ffc31befd7f8d4435c
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 864982ff529dc5087ee55ecc734532f2da7023cbb0666cec5c1259308b266b4a
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 39E1BF315087809FD724EF25C881A6EB7F0BF95314F14896DF8999B2A2DB31ED05CB92
                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00189BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00189BB2
                                                                                                                                                                                                                                                                                                                                                                                        • BeginPaint.USER32(?,?,?), ref: 00189241
                                                                                                                                                                                                                                                                                                                                                                                        • GetWindowRect.USER32(?,?), ref: 001892A5
                                                                                                                                                                                                                                                                                                                                                                                        • ScreenToClient.USER32(?,?), ref: 001892C2
                                                                                                                                                                                                                                                                                                                                                                                        • SetViewportOrgEx.GDI32(00000000,?,?,00000000), ref: 001892D3
                                                                                                                                                                                                                                                                                                                                                                                        • EndPaint.USER32(?,?,?,?,?), ref: 00189321
                                                                                                                                                                                                                                                                                                                                                                                        • Rectangle.GDI32(00000000,00000000,00000000,?,?), ref: 001C71EA
• Part of subcall function 00189339: BeginPath.GDI32(00000000), ref: 00189357
Memory Dump Source
• Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
• Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID: BeginPaintWindow$ClientLongPathRectRectangleScreenViewport
• String ID:
• API String ID: 3050599898-0
• Opcode ID: 579fcf9e746d93b2042b8693d941385b982a1e63dfe8d4df5b7474d20c4d310f
• Instruction ID: 81772d2d2fba54dbe784f277a117db07384cc83c6d72600b2d30f1b5d06f2535
• Opcode Fuzzy Hash: 579fcf9e746d93b2042b8693d941385b982a1e63dfe8d4df5b7474d20c4d310f
• Instruction Fuzzy Hash: 7F41AC70104300AFD721EF24E888FBA7BB8EF56720F180629F9A4872E2C7719945DF61
APIs
• InterlockedExchange.KERNEL32(?,000001F5), ref: 001E080C
• ReadFile.KERNEL32(?,?,0000FFFF,?,00000000), ref: 001E0847
• EnterCriticalSection.KERNEL32(?), ref: 001E0863
• LeaveCriticalSection.KERNEL32(?), ref: 001E08DC
• ReadFile.KERNEL32(?,?,0000FFFF,00000000,00000000), ref: 001E08F3
• InterlockedExchange.KERNEL32(?,000001F6), ref: 001E0921
Memory Dump Source
• Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
• Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID: CriticalExchangeFileInterlockedReadSection$EnterLeave
• String ID:
• API String ID: 3368777196-0
• Opcode ID: 754d50158c3baf2ea79174d81f79f73b8f24e10ff40b1a7b82e6efbce9f11d20
• Instruction ID: 1fdb2dad87307bf54051f90f4701f0d2a4ac053c8db6f7592f2a2c193c510fc6
• Opcode Fuzzy Hash: 754d50158c3baf2ea79174d81f79f73b8f24e10ff40b1a7b82e6efbce9f11d20
• Instruction Fuzzy Hash: 66416871900205EFDF15AF54EC85AAAB7B8FF48300F1440A9ED049A297DB70DEA5DBA0
APIs
• ShowWindow.USER32(FFFFFFFF,00000000,?,00000000,00000000,?,001CF3AB,00000000,?,?,00000000,?,001C682C,00000004,00000000,00000000), ref: 0020824C
• EnableWindow.USER32(?,00000000), ref: 00208272
• ShowWindow.USER32(FFFFFFFF,00000000), ref: 002082D1
• ShowWindow.USER32(?,00000004), ref: 002082E5
• EnableWindow.USER32(?,00000001), ref: 0020830B
• SendMessageW.USER32(?,0000130C,00000000,00000000), ref: 0020832F
Memory Dump Source
• Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
• Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID: Window$Show$Enable$MessageSend
• String ID:
• API String ID: 642888154-0
• Opcode ID: 9ca55f8f00ce2b60867b8b5c09d3f4082985fe48b6b71376e8d61b2c1ef0f40d
• Instruction ID: f28161655317d821c90acce6a47a9c7888bb8820ef1ba93a9a795537cc67530e
• Opcode Fuzzy Hash: 9ca55f8f00ce2b60867b8b5c09d3f4082985fe48b6b71376e8d61b2c1ef0f40d
• Instruction Fuzzy Hash: 14418434601745AFDF25CF15D89DBA57BE0BB4A714F1842A9E9484F2F3CB31A861CB50
APIs
• IsWindowVisible.USER32(?), ref: 001D4C95
• SendMessageW.USER32(?,0000000E,00000000,00000000), ref: 001D4CB2
• SendMessageW.USER32(?,0000000D,00000001,00000000), ref: 001D4CEA
• _wcslen.LIBCMT ref: 001D4D08
• CharUpperBuffW.USER32(00000000,00000000,?,?,?,?), ref: 001D4D10
• _wcsstr.LIBVCRUNTIME ref: 001D4D1A
Memory Dump Source
• Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
• Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
                                                                                                                                                                                                                                                                                                                                                                                        • API ID: MessageSend$BuffCharUpperVisibleWindow_wcslen_wcsstr
                                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 72514467-0
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: f5273a50c0b0a34792dbdd93981010a99dd269fcf5d7621724e6100c0ae2030b
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 27a236f209721c90285862aca2d256e49e1e3413dd82742b1f7b9194e8f8694d
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: f5273a50c0b0a34792dbdd93981010a99dd269fcf5d7621724e6100c0ae2030b
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F0212672204200BBEB295B79EC49E7B7B9DDF95750F10812EF809CA292EF71CD4187A0
                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00173AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00173A97,?,?,00172E7F,?,?,?,00000000), ref: 00173AC2
                                                                                                                                                                                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 001E587B
                                                                                                                                                                                                                                                                                                                                                                                        • CoInitialize.OLE32(00000000), ref: 001E5995
                                                                                                                                                                                                                                                                                                                                                                                        • CoCreateInstance.OLE32(0020FCF8,00000000,00000001,0020FB68,?), ref: 001E59AE
                                                                                                                                                                                                                                                                                                                                                                                        • CoUninitialize.OLE32 ref: 001E59CC
                                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_170000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                        • API ID: CreateFullInitializeInstanceNamePathUninitialize_wcslen
                                                                                                                                                                                                                                                                                                                                                                                        • String ID: .lnk
                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 3172280962-24824748
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: eed2ab0f194eb289ef5e92920a2f8e52380d119d25751f0a2fff3cca8bb6331f
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: ff3a1979db346eb29a6ee15c0eb47c387493b581596c700a506b22cc44187ed9
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: eed2ab0f194eb289ef5e92920a2f8e52380d119d25751f0a2fff3cca8bb6331f
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 39D15370604B019FC714DF26C48496EBBF2EF99718F14885DF8899B262D731ED45CB92
                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 001D0FB4: GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 001D0FCA
                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 001D0FB4: GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 001D0FD6
                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 001D0FB4: GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 001D0FE5
                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 001D0FB4: HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 001D0FEC
                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 001D0FB4: GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 001D1002
                                                                                                                                                                                                                                                                                                                                                                                        • GetLengthSid.ADVAPI32(?,00000000,001D1335), ref: 001D17AE
                                                                                                                                                                                                                                                                                                                                                                                        • GetProcessHeap.KERNEL32(00000008,00000000), ref: 001D17BA
                                                                                                                                                                                                                                                                                                                                                                                        • HeapAlloc.KERNEL32(00000000), ref: 001D17C1
                                                                                                                                                                                                                                                                                                                                                                                        • CopySid.ADVAPI32(00000000,00000000,?), ref: 001D17DA
                                                                                                                                                                                                                                                                                                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000000,001D1335), ref: 001D17EE
                                                                                                                                                                                                                                                                                                                                                                                        • HeapFree.KERNEL32(00000000), ref: 001D17F5
                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_170000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                        • API ID: Heap$Process$AllocInformationToken$CopyErrorFreeLastLength
                                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 3008561057-0
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 605b58ac9bc4c2b4e3889ce4fc802e9f835cb6d7f1c9a6078372980ca84bd7a7
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: c6de7b2e42d04cc36a0f60ddf33534420398586ce1ea892e8b190544545a5fa8
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 605b58ac9bc4c2b4e3889ce4fc802e9f835cb6d7f1c9a6078372980ca84bd7a7
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D711BE72600205FFDB109FA4DC49BAFBBB9FB45355F20422AF44597221C735A940CB60
                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                        • GetCurrentProcess.KERNEL32(0000000A,00000004), ref: 001D14FF
• OpenProcessToken.ADVAPI32(00000000), ref: 001D1506
• CreateEnvironmentBlock.USERENV(?,00000004,00000001), ref: 001D1515
• CloseHandle.KERNEL32(00000004), ref: 001D1520
• CreateProcessWithLogonW.ADVAPI32(?,?,?,00000000,00000000,?,?,00000000,?,?,?), ref: 001D154F
• DestroyEnvironmentBlock.USERENV(00000000), ref: 001D1563
Memory Dump Source
• Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
• Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID: Process$BlockCreateEnvironment$CloseCurrentDestroyHandleLogonOpenTokenWith
• String ID:
• API String ID: 1413079979-0
• Opcode ID: bab024b6aa76a32528a311262f9226d16bcb6db35f46175203c6dff9619fa879
• Instruction ID: 385aa66fb56972fcec9f2918bc0b49405cf3f75157c9580ab8563c1ffc1800bf
• Opcode Fuzzy Hash: bab024b6aa76a32528a311262f9226d16bcb6db35f46175203c6dff9619fa879
• Instruction Fuzzy Hash: 561167B250420DBBDF119FA8ED49FDE7BA9EF49704F148125FA05A21A0C376CE60DB60
APIs
• GetLastError.KERNEL32(?,?,00193379,00192FE5), ref: 00193390
• ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 0019339E
• ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 001933B7
• SetLastError.KERNEL32(00000000,?,00193379,00192FE5), ref: 00193409
Memory Dump Source
• Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
• Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID: ErrorLastValue___vcrt_
• String ID:
• API String ID: 3852720340-0
• Opcode ID: 35829653a7d3bddb252fdcbf4f9d2c367ebf5c1f72848ed42571c1603c655c5a
• Instruction ID: 6d7e691b71490f92b033e05a05577ceaa5dd0ebcd5eb7af1d245efe1462ca8f3
• Opcode Fuzzy Hash: 35829653a7d3bddb252fdcbf4f9d2c367ebf5c1f72848ed42571c1603c655c5a
• Instruction Fuzzy Hash: 3801DF3266D311BFEF2927B57D89A672AA4EB257797300329F830912F1EF114F025654
APIs
• GetLastError.KERNEL32(?,?,001A5686,001B3CD6,?,00000000,?,001A5B6A,?,?,?,?,?,0019E6D1,?,00238A48), ref: 001A2D78
• _free.LIBCMT ref: 001A2DAB
• _free.LIBCMT ref: 001A2DD3
• SetLastError.KERNEL32(00000000,?,?,?,?,0019E6D1,?,00238A48,00000010,00174F4A,?,?,00000000,001B3CD6), ref: 001A2DE0
• SetLastError.KERNEL32(00000000,?,?,?,?,0019E6D1,?,00238A48,00000010,00174F4A,?,?,00000000,001B3CD6), ref: 001A2DEC
• _abort.LIBCMT ref: 001A2DF2
Memory Dump Source
• Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
• Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID: ErrorLast$_free$_abort
• String ID:
• API String ID: 3160817290-0
• Opcode ID: fcb79b358b60a00d91f949699893763f7581d0449ed1535da2b5161ea612ba57
• Instruction ID: a206bd179b7b03833c716b7e24936e6059a8133b12eb8ef74df3f6467ae15484
• Opcode Fuzzy Hash: fcb79b358b60a00d91f949699893763f7581d0449ed1535da2b5161ea612ba57
• Instruction Fuzzy Hash: 3CF0C87D5056006BC22227BDBC0AF2B265AAFD37B1F350519F828D31D7EF3488025261
APIs
  • Part of subcall function 00189639: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00189693
  • Part of subcall function 00189639: SelectObject.GDI32(?,00000000), ref: 001896A2
  • Part of subcall function 00189639: BeginPath.GDI32(?), ref: 001896B9
  • Part of subcall function 00189639: SelectObject.GDI32(?,00000000), ref: 001896E2
• MoveToEx.GDI32(?,-00000002,00000000,00000000), ref: 00208A4E
• LineTo.GDI32(?,00000003,00000000), ref: 00208A62
• MoveToEx.GDI32(?,00000000,-00000002,00000000), ref: 00208A70
• LineTo.GDI32(?,00000000,00000003), ref: 00208A80
• EndPath.GDI32(?), ref: 00208A90
• StrokePath.GDI32(?), ref: 00208AA0
Memory Dump Source
• Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
• Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_170000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                        • API ID: Path$LineMoveObjectSelect$BeginCreateStroke
                                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 43455801-0
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: c7ca4eb3ea44383660ecc89ac0a42112e9d9370bbcdcdaefa56fc709a7aa9b48
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 52467a45c7e4016b1e9df27681e83caae43959fa8f1be4a72c093effe041a43b
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c7ca4eb3ea44383660ecc89ac0a42112e9d9370bbcdcdaefa56fc709a7aa9b48
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 45111EB600024DFFEF119F90EC88EAA7F6DEB04350F148111FA19951A1C7719D55DFA0
                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                        • GetDC.USER32(00000000), ref: 001D5218
                                                                                                                                                                                                                                                                                                                                                                                        • GetDeviceCaps.GDI32(00000000,00000058), ref: 001D5229
                                                                                                                                                                                                                                                                                                                                                                                        • GetDeviceCaps.GDI32(00000000,0000005A), ref: 001D5230
                                                                                                                                                                                                                                                                                                                                                                                        • ReleaseDC.USER32(00000000,00000000), ref: 001D5238
                                                                                                                                                                                                                                                                                                                                                                                        • MulDiv.KERNEL32(000009EC,?,00000000), ref: 001D524F
                                                                                                                                                                                                                                                                                                                                                                                        • MulDiv.KERNEL32(000009EC,00000001,?), ref: 001D5261
                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_170000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                        • API ID: CapsDevice$Release
                                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 1035833867-0
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: e6962d204832bb77a5dba59e598bd2c18a6d0ba70c162b2e110c28e270c3b057
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 419c6aa9ce3e97b29ad8d954a5bd0a381bfeae5bda109f22aa14dc312c0ee413
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e6962d204832bb77a5dba59e598bd2c18a6d0ba70c162b2e110c28e270c3b057
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: A6018FB5A00708BBEB109BA59C49F4EBFB9EB58751F144166FA04A7281D6709804CBA0
                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                        • MapVirtualKeyW.USER32(0000005B,00000000), ref: 00171BF4
                                                                                                                                                                                                                                                                                                                                                                                        • MapVirtualKeyW.USER32(00000010,00000000), ref: 00171BFC
                                                                                                                                                                                                                                                                                                                                                                                        • MapVirtualKeyW.USER32(000000A0,00000000), ref: 00171C07
                                                                                                                                                                                                                                                                                                                                                                                        • MapVirtualKeyW.USER32(000000A1,00000000), ref: 00171C12
                                                                                                                                                                                                                                                                                                                                                                                        • MapVirtualKeyW.USER32(00000011,00000000), ref: 00171C1A
                                                                                                                                                                                                                                                                                                                                                                                        • MapVirtualKeyW.USER32(00000012,00000000), ref: 00171C22
                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_170000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                        • API ID: Virtual
                                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 4278518827-0
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: cec40cef614fd2d822a71f30893fa2c586ed7cbab612551ec9c94c3199a8d29e
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 0fa7cbcd10a937b749345293cc7eb401518ea9672fd79ab498ebaff1a23a0eaf
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: cec40cef614fd2d822a71f30893fa2c586ed7cbab612551ec9c94c3199a8d29e
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2A016CB09027597DE3008F5A8C85B52FFA8FF59354F00411B915C47942C7F5A864CBE5
                                                                                                                                                                                                                                                                                                                                                                                        APIs
• PostMessageW.USER32(?,00000010,00000000,00000000), ref: 001DEB30
• SendMessageTimeoutW.USER32(?,00000010,00000000,00000000,00000002,000001F4,?), ref: 001DEB46
• GetWindowThreadProcessId.USER32(?,?), ref: 001DEB55
• OpenProcess.KERNEL32(001F0FFF,00000000,?,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 001DEB64
• TerminateProcess.KERNEL32(00000000,00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 001DEB6E
• CloseHandle.KERNEL32(00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 001DEB75
Memory Dump Source
• Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
• Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID: Process$Message$CloseHandleOpenPostSendTerminateThreadTimeoutWindow
• String ID:
• API String ID: 839392675-0
• Opcode ID: 1860760ecef667ed24707e93314c60c98afc2df7d3d33d4eef1fa85147af639a
• Instruction ID: 6a5d92ca12229199dac031f4ac1153c81cdfd4f0ab91f3a64b2cbe6004059bad
• Opcode Fuzzy Hash: 1860760ecef667ed24707e93314c60c98afc2df7d3d33d4eef1fa85147af639a
• Instruction Fuzzy Hash: 3AF054B2140258BBE7316B52EC0DEEF7E7CEFCAB11F104259F601D1192D7A15A01C6B5
APIs
• GetClientRect.USER32(?), ref: 001C7452
• SendMessageW.USER32(?,00001328,00000000,?), ref: 001C7469
• GetWindowDC.USER32(?), ref: 001C7475
• GetPixel.GDI32(00000000,?,?), ref: 001C7484
• ReleaseDC.USER32(?,00000000), ref: 001C7496
• GetSysColor.USER32(00000005), ref: 001C74B0
Similarity
• API ID: ClientColorMessagePixelRectReleaseSendWindow
• String ID:
• API String ID: 272304278-0
• Opcode ID: adc77d7886a517bdded66f67e02f244b832d7aa07b12953bc1d0d148d1a1b88c
• Instruction ID: 6e49135ae7c688160aa3f8b929647aa7e59366a00119c28ea23879051577997e
• Opcode Fuzzy Hash: adc77d7886a517bdded66f67e02f244b832d7aa07b12953bc1d0d148d1a1b88c
• Instruction Fuzzy Hash: F2018B71400205EFDB245F64EC0CFAA7FB9FB04321F610264FA15A21E2CB311E51AF10
APIs
• WaitForSingleObject.KERNEL32(?,000000FF), ref: 001D187F
• UnloadUserProfile.USERENV(?,?), ref: 001D188B
• CloseHandle.KERNEL32(?), ref: 001D1894
• CloseHandle.KERNEL32(?), ref: 001D189C
• GetProcessHeap.KERNEL32(00000000,?), ref: 001D18A5
• HeapFree.KERNEL32(00000000), ref: 001D18AC
Similarity
• API ID: CloseHandleHeap$FreeObjectProcessProfileSingleUnloadUserWait
• String ID:
• API String ID: 146765662-0
• Opcode ID: 738510df06a826285d2e2f458165425e2dc521d75e2f1f2354fb6e02a329503c
• Instruction ID: 44fff6088ad8aa84e6b11e7ca6bf62510f22556a442ba014c617a70f7ebc0dec
• Opcode Fuzzy Hash: 738510df06a826285d2e2f458165425e2dc521d75e2f1f2354fb6e02a329503c
• Instruction Fuzzy Hash: D3E075B6104605BBDB016FA5FD0C94AFF79FF49B22B608725F229814B2CB329461DF90
APIs
• __Init_thread_footer.LIBCMT ref: 0017BEB3
Strings
                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                        • API ID: Init_thread_footer
                                                                                                                                                                                                                                                                                                                                                                                        • String ID: D%$$D%$$D%$$D%$D%$
                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 1385522511-512792284
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 39ba8c707c93c60312a2d8c1a938b1cbf42bbf08477ef99b1ec5863918f63547
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 5df187be193021547343e73a3e470d86b3fb04bda4406150f4d0552f2816464a
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 39ba8c707c93c60312a2d8c1a938b1cbf42bbf08477ef99b1ec5863918f63547
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8C914B75A0820ACFCB18CF99C0D06AAB7F1FF59314F65C169E949AB351D731E981CB90
                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00177620: _wcslen.LIBCMT ref: 00177625
                                                                                                                                                                                                                                                                                                                                                                                        • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 001DC6EE
                                                                                                                                                                                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 001DC735
                                                                                                                                                                                                                                                                                                                                                                                        • SetMenuItemInfoW.USER32(?,?,00000000,?), ref: 001DC79C
                                                                                                                                                                                                                                                                                                                                                                                        • SetMenuDefaultItem.USER32(?,000000FF,00000000), ref: 001DC7CA
                                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_170000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                        • API ID: ItemMenu$Info_wcslen$Default
                                                                                                                                                                                                                                                                                                                                                                                        • String ID: 0
                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 1227352736-4108050209
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 0cab42aeb9b543717ea3aaa0ab81d5b5085ec253c358c717993949d86ea91c41
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 14c4a4a0f071960fb7c7c59f1af50ea78fad3c97d1b5063209f36388c1b65a28
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0cab42aeb9b543717ea3aaa0ab81d5b5085ec253c358c717993949d86ea91c41
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9051AD726143029BD7149F28C885B6BB7E8AF99314F040E2EF995D23E1DB70D944CF92
                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                        • ShellExecuteExW.SHELL32(0000003C), ref: 001FAEA3
                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00177620: _wcslen.LIBCMT ref: 00177625
                                                                                                                                                                                                                                                                                                                                                                                        • GetProcessId.KERNEL32(00000000), ref: 001FAF38
                                                                                                                                                                                                                                                                                                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 001FAF67
                                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_170000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                        • API ID: CloseExecuteHandleProcessShell_wcslen
                                                                                                                                                                                                                                                                                                                                                                                        • String ID: <$@
                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 146682121-1426351568
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: dfc2d3762b9e1394e5af7fbc804a5f8699fa7f06ff22904dbd2f4f758f849cc3
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 93759b5c381aa90ebdeddc1e1b402e0bfb426f0f07821404d1bcc7ee1b29bed2
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: dfc2d3762b9e1394e5af7fbc804a5f8699fa7f06ff22904dbd2f4f758f849cc3
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 79719DB0A00619DFCB14DF64D494AAEBBF0FF08314F548499E91AAB392C774ED45CB91
                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                        • CoCreateInstance.OLE32(?,00000000,00000005,?,?,?,?,?,?,?,?,?,?,?), ref: 001D7206
                                                                                                                                                                                                                                                                                                                                                                                        • SetErrorMode.KERNEL32(00000001,?,?,?,?,?,?,?,?,?), ref: 001D723C
                                                                                                                                                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(?,DllGetClassObject), ref: 001D724D
                                                                                                                                                                                                                                                                                                                                                                                        • SetErrorMode.KERNEL32(00000000,?,?,?,?,?,?,?,?,?), ref: 001D72CF
                                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_170000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                        • API ID: ErrorMode$AddressCreateInstanceProc
                                                                                                                                                                                                                                                                                                                                                                                        • String ID: DllGetClassObject
                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 753597075-1075368562
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 988abeeb6be08cc69256a4fc1c80641d71ed6977ede1541ee5372bfb842be682
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: b115d1ff99f1cf32e5174bd3a0c60e36f24ca30a9fd9301bc9e6fa0171f059a0
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 988abeeb6be08cc69256a4fc1c80641d71ed6977ede1541ee5372bfb842be682
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 104162B1604204EFDB15CF54C884A9A7BB9EF44310F2580AEBD059F38AE7B5DD45CBA0
                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                        • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00203E35
                                                                                                                                                                                                                                                                                                                                                                                        • IsMenu.USER32(?), ref: 00203E4A
                                                                                                                                                                                                                                                                                                                                                                                        • InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 00203E92
                                                                                                                                                                                                                                                                                                                                                                                        • DrawMenuBar.USER32 ref: 00203EA5
                                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_170000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                        • API ID: Menu$Item$DrawInfoInsert
                                                                                                                                                                                                                                                                                                                                                                                        • String ID: 0
                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 3076010158-4108050209
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: f53ee79a79dd41d63e8312e36c02797851d8cb886932b5aa5c1a375f584cd670
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 7f0bc25bdf22da8315679b069a5c9baa7b2cf1153f9896fb94ef18635ade758c
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: f53ee79a79dd41d63e8312e36c02797851d8cb886932b5aa5c1a375f584cd670
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 49414C75A2130AEFDB10DF50D884AAABBB9FF49350F044219E905A7292D730AE64CF50
                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00179CB3: _wcslen.LIBCMT ref: 00179CBD
                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 001D3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 001D3CCA
                                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00000188,00000000,00000000), ref: 001D1E66
                                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,0000018A,00000000,00000000), ref: 001D1E79
                                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00000189,?,00000000), ref: 001D1EA9
                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00176B57: _wcslen.LIBCMT ref: 00176B6A
                                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_170000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                        • API ID: MessageSend$_wcslen$ClassName
                                                                                                                                                                                                                                                                                                                                                                                        • String ID: ComboBox$ListBox
                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 2081771294-1403004172
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 0443efc1597ea815e2a5e0bef4c4c2a704b433d1e97886f2211863a8a833a0b7
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 3f331feac00b79c85f759aa825e915da30b168927342cd26943f9110e4e6ad66
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0443efc1597ea815e2a5e0bef4c4c2a704b433d1e97886f2211863a8a833a0b7
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7D213B71A00104BEDB19AB64DC46CFFB7BDDF56354B14411AF825A72E1DB344A0A9620
                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID: _wcslen
• String ID: HKEY_LOCAL_MACHINE$HKLM
• API String ID: 176396367-4004644295
• Opcode ID: 8e53f343c274e344e7fa89cd0ca8c2fac200fdf819971e3de086fb6af5d8274a
• Instruction ID: 6a87e73eee2925650124cab27b001f9d526f95b05a4840a0dbb696c36300fe5f
• Opcode Fuzzy Hash: 8e53f343c274e344e7fa89cd0ca8c2fac200fdf819971e3de086fb6af5d8274a
• Instruction Fuzzy Hash: D7313473A0016E4BCB20DF2C9A514BE33A19BB1744F054029EA05AB244FB71EE85E7E0
APIs
• SendMessageW.USER32(00000000,00000467,00000000,?), ref: 00202F8D
• LoadLibraryW.KERNEL32(?), ref: 00202F94
• SendMessageW.USER32(?,00000467,00000000,00000000), ref: 00202FA9
• DestroyWindow.USER32(?), ref: 00202FB1
Strings
Memory Dump Source
• Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
• Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID: MessageSend$DestroyLibraryLoadWindow
• String ID: SysAnimate32
• API String ID: 3529120543-1011021900
• Opcode ID: ecd8fcac9e2e2644ae564e03d3dd41827665338a7edb24b8edaf20cb534b8d0b
• Instruction ID: 9c1e8d45e3f3b0a90b6b2795cc652c81fb1ea7b7a9859bff1a3cd803b67e2a30
• Opcode Fuzzy Hash: ecd8fcac9e2e2644ae564e03d3dd41827665338a7edb24b8edaf20cb534b8d0b
• Instruction Fuzzy Hash: CA21BE71220307EBEB114F649C8CEBB77BDEB593A4F20021AF910924D2C771DC659760
APIs
• GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,00194D1E,001A28E9,?,00194CBE,001A28E9,002388B8,0000000C,00194E15,001A28E9,00000002), ref: 00194D8D
• GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00194DA0
• FreeLibrary.KERNEL32(00000000,?,?,?,00194D1E,001A28E9,?,00194CBE,001A28E9,002388B8,0000000C,00194E15,001A28E9,00000002,00000000), ref: 00194DC3
Strings
Memory Dump Source
• Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
• Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID: AddressFreeHandleLibraryModuleProc
• String ID: CorExitProcess$mscoree.dll
• API String ID: 4061214504-1276376045
• Opcode ID: db9ed0a44dc5bb1823e7676e592290227befbfed367f887e45dbd51dea988e9c
• Instruction ID: 491d1a58c038f2c62e5af7c6bc53f1c1c6622a4beac5f7b78250ecc7eb545861
• Opcode Fuzzy Hash: db9ed0a44dc5bb1823e7676e592290227befbfed367f887e45dbd51dea988e9c
• Instruction Fuzzy Hash: 49F0AF34A00308BBDB159F90EC4DBEDBBF4EF14712F1001A4F809A22A1DB705A81CB90
APIs
• LoadLibraryA.KERNEL32 ref: 001CD3AD
• GetProcAddress.KERNEL32(00000000,GetSystemWow64DirectoryW), ref: 001CD3BF
• FreeLibrary.KERNEL32(00000000), ref: 001CD3E5
Strings
Memory Dump Source
• Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
• Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID: Library$AddressFreeLoadProc
• String ID: GetSystemWow64DirectoryW$X64
• API String ID: 145871493-2590602151
• Opcode ID: ff9f59bdcd40c97c4bf6b3f86150af4e17d1fee1899a601e1c57e494a5c125c6
• Instruction ID: 1947794a5bb9aadfc985b9155e01bd339b509b5e1491cdbde746edb008b3e153
• Opcode Fuzzy Hash: ff9f59bdcd40c97c4bf6b3f86150af4e17d1fee1899a601e1c57e494a5c125c6
• Instruction Fuzzy Hash: 24F05CF18167609BC73917107C58F1AB714AF31701F7652BDF40AE1086CB20CD408B92
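The LoadLibrary/GetModuleHandle, GetProcAddress, FreeLibrary triples in the records above are what the report's "Contains functionality to dynamically determine API calls" signature keys on. When triaging a report like this one, the useful question is which symbols were resolved at runtime and from which module, since a runtime or CRT helper resolving one optional API and freeing the module again looks very different from a hidden import table. The Python below is an example added here; it is not part of the Joe Sandbox report, the IDA plugin or the analysed sample. It parses API records in the format shown on this page, extracts each dynamically resolved symbol with the DLL it came from (falling back to the record's String ID when the loader's arguments were not recovered), and notes whether the module was freed. The embedded input is the four records from this page with their leading whitespace trimmed. The triage notes are general knowledge, not findings of the report: the mscoree.dll/CorExitProcess probe is the MSVC CRT's exit routine checking for a loaded CLR, the Wow64 lookups are a 32-bit process probing for 64-bit Windows, and the SysAnimate32 record (two ACM_OPENW 0x467 messages around a LoadLibraryW) is the animation control loading an AVI resource and contains no GetProcAddress, so it yields nothing.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: the four "APIs" records from this page, whitespace trimmed.
SAMPLE_REPORT = """\
APIs
• SendMessageW.USER32(00000000,00000467,00000000,?), ref: 00202F8D
• LoadLibraryW.KERNEL32(?), ref: 00202F94
• SendMessageW.USER32(?,00000467,00000000,00000000), ref: 00202FA9
• DestroyWindow.USER32(?), ref: 00202FB1
Strings
Similarity
• API ID: MessageSend$DestroyLibraryLoadWindow
• String ID: SysAnimate32
APIs
• GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,00194D1E,001A28E9,?,00194CBE,001A28E9,002388B8,0000000C,00194E15,001A28E9,00000002), ref: 00194D8D
• GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00194DA0
• FreeLibrary.KERNEL32(00000000,?,?,?,00194D1E,001A28E9,?,00194CBE,001A28E9,002388B8,0000000C,00194E15,001A28E9,00000002,00000000), ref: 00194DC3
Strings
Similarity
• API ID: AddressFreeHandleLibraryModuleProc
• String ID: CorExitProcess$mscoree.dll
APIs
• LoadLibraryA.KERNEL32 ref: 001CD3AD
• GetProcAddress.KERNEL32(00000000,GetSystemWow64DirectoryW), ref: 001CD3BF
• FreeLibrary.KERNEL32(00000000), ref: 001CD3E5
Strings
Similarity
• API ID: Library$AddressFreeLoadProc
• String ID: GetSystemWow64DirectoryW$X64
APIs
• LoadLibraryA.KERNEL32(kernel32.dll,?,?,00174EDD,?,00241418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00174E9C
• GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 00174EAE
• FreeLibrary.KERNEL32(00000000,?,?,00174EDD,?,00241418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00174EC0
Strings
"""

# One API line as the report prints it: Name.MODULE(arg,arg,...), ref: ADDR
# or, when no arguments were recovered, Name.MODULE ref: ADDR
API_LINE = re.compile(r"^• (?P<name>\w+)\.(?P<module>\w+)(?:\((?P<args>.*)\),)? ref: (?P<ref>[0-9A-Fa-f]+)$")
# Recovered arguments are 8 hex digits, "?" for unknown, or a string literal.
# (A genuine 8-character hex-looking string would be misclassified; acceptable for triage.)
HEX_WORD = re.compile(r"^[0-9A-Fa-f]{8}$")
LOADERS = {"LoadLibraryA", "LoadLibraryW", "LoadLibraryExA", "LoadLibraryExW",
           "GetModuleHandleA", "GetModuleHandleW", "GetModuleHandleExA", "GetModuleHandleExW"}
# Triage notes from general knowledge of the Windows CRT and WOW64, not from the report.
TRIAGE_NOTES = {
    "CorExitProcess": "MSVC CRT exit path probing for a loaded CLR; expected in any MSVC binary",
    "GetSystemWow64DirectoryW": "32-bit code checking for a 64-bit Windows; common in installers/runtimes",
    "Wow64DisableWow64FsRedirection": "32-bit code reaching the real System32; common in installers/runtimes",
}

@dataclass
class Call:
    name: str
    module: str
    args: list[str]
    ref: str

@dataclass
class Record:
    calls: list[Call] = field(default_factory=list)
    api_id: str = ""
    string_id: str = ""

@dataclass
class Resolution:
    symbol: str
    dll: str
    loader: str
    freed: bool
    ref: str
    note: str

def parse_records(text: str) -> list[Record]:
    """Split report text into one Record per 'APIs' block, keeping API lines and the Similarity IDs."""
    records: list[Record] = []
    cur = None
    for raw in text.splitlines():
        line = raw.strip()
        if line == "APIs":
            cur = Record()
            records.append(cur)
            continue
        if cur is None:
            continue
        m = API_LINE.match(line)
        if m:
            args = [a.strip() for a in m.group("args").split(",")] if m.group("args") else []
            cur.calls.append(Call(m.group("name"), m.group("module"), args, m.group("ref")))
        elif line.startswith("• API ID:"):
            cur.api_id = line.split(":", 1)[1].strip()
        elif line.startswith("• String ID:"):
            cur.string_id = line.split(":", 1)[1].strip()
    return records

def literal_args(args: list[str]) -> list[str]:
    """Keep only arguments the sandbox recovered as string literals."""
    return [a for a in args if a != "?" and not HEX_WORD.match(a)]

def find_resolutions(rec: Record) -> list[Resolution]:
    """Return every symbol the record resolves via GetProcAddress, with its source DLL if recoverable."""
    loader = next((c for c in rec.calls if c.name in LOADERS), None)
    freed = any(c.name == "FreeLibrary" for c in rec.calls)
    dll = "unknown"
    if loader:
        dlls = [a for a in literal_args(loader.args) if a.lower().endswith(".dll")]
        dll = dlls[0] if dlls else dll
    if dll == "unknown":  # loader args not recovered: fall back to the '$'-joined String ID
        dlls = [t for t in rec.string_id.split("$") if t.lower().endswith(".dll")]
        dll = dlls[0] if dlls else dll
    out = []
    for c in rec.calls:
        if c.name == "GetProcAddress":
            for sym in literal_args(c.args):
                out.append(Resolution(sym, dll, loader.name if loader else "none", freed, c.ref,
                                      TRIAGE_NOTES.get(sym, "no triage note; review manually")))
    return out

def summarize(text: str) -> list[Resolution]:
    return [r for rec in parse_records(text) for r in find_resolutions(rec)]

if __name__ == "__main__":
    for r in summarize(SAMPLE_REPORT):
        print(f"{r.ref}: {r.symbol} from {r.dll} via {r.loader} (freed={r.freed}) - {r.note}")
```

Run it against a whole report (after stripping the "Download File" residue, which the parser ignores anyway) and sort the output by DLL: a long list of resolutions from one module with no matching FreeLibrary, or symbols resolved from modules the sample never imports statically, is the pattern worth a second look; the three one-shot probe-and-free triples on this page are not.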
APIs
• LoadLibraryA.KERNEL32(kernel32.dll,?,?,00174EDD,?,00241418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00174E9C
• GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 00174EAE
• FreeLibrary.KERNEL32(00000000,?,?,00174EDD,?,00241418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00174EC0
Strings
Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_170000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                        • API ID: Library$AddressFreeLoadProc
                                                                                                                                                                                                                                                                                                                                                                                        • String ID: Wow64DisableWow64FsRedirection$kernel32.dll
                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 145871493-3689287502
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 1c9f536cc8a49b0c3ff47ba34f2ff043520e2454e39baafe6d99336bb495c36c
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: fab88944054f157180b0b5c8f72aeb709cff5b8dcdd4831bbd72a9bff2e4e066
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1c9f536cc8a49b0c3ff47ba34f2ff043520e2454e39baafe6d99336bb495c36c
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 97E086B6A017225BD22117257C1CA6BA564AF82B72B154215FC08D2142DF68CD0180B4
                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                        • LoadLibraryA.KERNEL32(kernel32.dll,?,?,001B3CDE,?,00241418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00174E62
                                                                                                                                                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 00174E74
                                                                                                                                                                                                                                                                                                                                                                                        • FreeLibrary.KERNEL32(00000000,?,?,001B3CDE,?,00241418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00174E87
                                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_170000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                        • API ID: Library$AddressFreeLoadProc
                                                                                                                                                                                                                                                                                                                                                                                        • String ID: Wow64RevertWow64FsRedirection$kernel32.dll
                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 145871493-1355242751
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 59e5c0574e138e8e0f4be9ae6aa06dc40464d0d0ad2729eb5e840c5f63b9fcf3
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 223870cf0058988980583aa3501197b951c082540929de84d8fffb5f05779d5c
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 59e5c0574e138e8e0f4be9ae6aa06dc40464d0d0ad2729eb5e840c5f63b9fcf3
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4AD0C27254272157E6221B247C0CD8BAA2CEF86B213154310B80CE2152CF68CE0182E0
                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                        • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 001E2C05
                                                                                                                                                                                                                                                                                                                                                                                        • DeleteFileW.KERNEL32(?), ref: 001E2C87
                                                                                                                                                                                                                                                                                                                                                                                        • CopyFileW.KERNEL32(?,?,00000000,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001), ref: 001E2C9D
                                                                                                                                                                                                                                                                                                                                                                                        • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 001E2CAE
                                                                                                                                                                                                                                                                                                                                                                                        • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 001E2CC0
                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_170000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                        • API ID: File$Delete$Copy
                                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 3226157194-0
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: ab16158acfb207f9968c099058d726024832c5efaa0805a008ae6d760b32b758
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 755e34c147926aacea587fa41d4b345523def305c3540e686eb247fc5fbf8716
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ab16158acfb207f9968c099058d726024832c5efaa0805a008ae6d760b32b758
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 82B16DB2D00519ABDF25EBA5CC95EDEB7BDEF58340F1040A6FA09E7141EB309A448F61
                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                        • GetCurrentProcessId.KERNEL32 ref: 001FA427
                                                                                                                                                                                                                                                                                                                                                                                        • OpenProcess.KERNEL32(00000410,00000000,00000000), ref: 001FA435
                                                                                                                                                                                                                                                                                                                                                                                        • GetProcessIoCounters.KERNEL32(00000000,?), ref: 001FA468
                                                                                                                                                                                                                                                                                                                                                                                        • CloseHandle.KERNEL32(?), ref: 001FA63D
                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_170000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                        • API ID: Process$CloseCountersCurrentHandleOpen
                                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 3488606520-0
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 3826de4e72dc0882f04fb702b08fe20bb927c0579cde9131eb9cee2878384856
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: db4ef4cacddd920a8c275b32243aa020153caae7a5bb721324694f12d869d4d9
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3826de4e72dc0882f04fb702b08fe20bb927c0579cde9131eb9cee2878384856
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0BA1B0B16043009FD720DF28D886F2AB7E5AF98714F54885CFA5A9B392D774ED418B82
                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 001DDDE0: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,001DCF22,?), ref: 001DDDFD
                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 001DDDE0: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,001DCF22,?), ref: 001DDE16
                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 001DE199: GetFileAttributesW.KERNEL32(?,001DCF95), ref: 001DE19A
                                                                                                                                                                                                                                                                                                                                                                                        • lstrcmpiW.KERNEL32(?,?), ref: 001DE473
                                                                                                                                                                                                                                                                                                                                                                                        • MoveFileW.KERNEL32(?,?), ref: 001DE4AC
                                                                                                                                                                                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 001DE5EB
                                                                                                                                                                                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 001DE603
                                                                                                                                                                                                                                                                                                                                                                                        • SHFileOperationW.SHELL32(?,?,?,?,?,?), ref: 001DE650
                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_170000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                        • API ID: File$FullNamePath_wcslen$AttributesMoveOperationlstrcmpi
                                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 3183298772-0
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 2594e69051f2a575a73757d3b9aea47db2029ef1e410f3330686d52db5ea703f
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 732c6807211f241c8838ef22ce9f2ed784369fac43fbdb31bf92063283c3e323
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2594e69051f2a575a73757d3b9aea47db2029ef1e410f3330686d52db5ea703f
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0E5160B24087859BCB24EB94DC819DFB3ECAF94341F00491FF589D7291EF74A6888766
                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00179CB3: _wcslen.LIBCMT ref: 00179CBD
                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 001FC998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,001FB6AE,?,?), ref: 001FC9B5
                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 001FC998: _wcslen.LIBCMT ref: 001FC9F1
                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 001FC998: _wcslen.LIBCMT ref: 001FCA68
                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 001FC998: _wcslen.LIBCMT ref: 001FCA9E
                                                                                                                                                                                                                                                                                                                                                                                        • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 001FBAA5
                                                                                                                                                                                                                                                                                                                                                                                        • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 001FBB00
                                                                                                                                                                                                                                                                                                                                                                                        • RegEnumKeyExW.ADVAPI32(?,-00000001,?,?,00000000,00000000,00000000,?), ref: 001FBB63
                                                                                                                                                                                                                                                                                                                                                                                        • RegCloseKey.ADVAPI32(?,?), ref: 001FBBA6
                                                                                                                                                                                                                                                                                                                                                                                        • RegCloseKey.ADVAPI32(00000000), ref: 001FBBB3
                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_170000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                        • API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpper
                                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 826366716-0
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: fd51491637660f01c45d6b5e2734ac7572f71b29e8d90ee180121bba50ceb0d9
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 15e56a1cad4c3977ee80a5866c3a7c664a4fcfaae340fa11e2c35fba0615658c
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: fd51491637660f01c45d6b5e2734ac7572f71b29e8d90ee180121bba50ceb0d9
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: AA617B71208245AFD714DF14C8D1E2ABBE5FF84308F54899CF59A8B2A2DB31ED45CB92
APIs
• VariantInit.OLEAUT32(?), ref: 001D8BCD
• VariantClear.OLEAUT32 ref: 001D8C3E
• VariantClear.OLEAUT32 ref: 001D8C9D
• VariantClear.OLEAUT32(?), ref: 001D8D10
• VariantChangeType.OLEAUT32(?,?,00000000,00000013), ref: 001D8D3B
Memory Dump Source
• Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
• Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID: Variant$Clear$ChangeInitType
• String ID:
• API String ID: 4136290138-0
APIs
• GetPrivateProfileSectionW.KERNEL32(00000003,?,00007FFF,?), ref: 001E8BAE
• GetPrivateProfileSectionW.KERNEL32(?,00000003,00000003,?), ref: 001E8BDA
• WritePrivateProfileSectionW.KERNEL32(?,?,?), ref: 001E8C32
• WritePrivateProfileStringW.KERNEL32(00000003,00000000,00000000,?), ref: 001E8C57
• WritePrivateProfileStringW.KERNEL32(00000000,00000000,00000000,?), ref: 001E8C5F
Similarity
• API ID: PrivateProfile$SectionWrite$String
• String ID:
• API String ID: 2832842796-0
APIs
• LoadLibraryW.KERNEL32(?,00000000,?), ref: 001F8F40
• GetProcAddress.KERNEL32(00000000,?), ref: 001F8FD0
• GetProcAddress.KERNEL32(00000000,00000000), ref: 001F8FEC
• GetProcAddress.KERNEL32(00000000,?), ref: 001F9032
• FreeLibrary.KERNEL32(00000000), ref: 001F9052
  • Part of subcall function 0018F6C9: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,00000000,?,?,?,001E1043,?,753CE610), ref: 0018F6E6
  • Part of subcall function 0018F6C9: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,001CFA64,00000000,00000000,?,?,001E1043,?,753CE610,?,001CFA64), ref: 0018F70D
Similarity
• API ID: AddressProc$ByteCharLibraryMultiWide$FreeLoad
• String ID:
• API String ID: 666041331-0
APIs
• SetWindowLongW.USER32(00000002,000000F0,?), ref: 00206C33
• SetWindowLongW.USER32(?,000000EC,?), ref: 00206C4A
• SendMessageW.USER32(00000002,00001036,00000000,?), ref: 00206C73
• ShowWindow.USER32(00000002,00000000,00000002,00000002,?,?,?,?,?,?,?,001EAB79,00000000,00000000), ref: 00206C98
• SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000027,00000002,?,00000001,00000002,00000002,?,?,?), ref: 00206CC7
Memory Dump Source
• Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
• Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID: Window$Long$MessageSendShow
• String ID:
• API String ID: 3688381893-0
• Opcode ID: 825d5acdb52a5f27ae61855ace0b66632ef46aaf011af3b94f5b3d045a0c0367
• Instruction ID: f4c06a5da7eff2f3bc77134aa09421023719dd78f22533b4e5da2b9a6958648a
• Opcode Fuzzy Hash: 825d5acdb52a5f27ae61855ace0b66632ef46aaf011af3b94f5b3d045a0c0367
• Instruction Fuzzy Hash: 2B41D775624305AFE724CF28CC5CFA97BA9EB09360F140229F895A72E2C771ED71CA40
APIs
Similarity
• API ID: _free
• String ID:
• API String ID: 269201875-0
• Opcode ID: 894ca64c1a8fb4a3add6864856b5a4772e5df854cc3711ff4fe8e8180b4d7d86
• Instruction ID: 43700c362a8e0f442f8ce7f67d34a88b1977e377d7a72f16f5c035cdbceba2ca
• Opcode Fuzzy Hash: 894ca64c1a8fb4a3add6864856b5a4772e5df854cc3711ff4fe8e8180b4d7d86
• Instruction Fuzzy Hash: E441D37AA002009FCB24DF7CC981A5EB7F5EF9A714F254569E515EB352D731AD01CB80
APIs
• GetCursorPos.USER32(?), ref: 00189141
• ScreenToClient.USER32(00000000,?), ref: 0018915E
• GetAsyncKeyState.USER32(00000001), ref: 00189183
• GetAsyncKeyState.USER32(00000002), ref: 0018919D
Similarity
• API ID: AsyncState$ClientCursorScreen
• String ID:
• API String ID: 4210589936-0
• Opcode ID: 6bf9756eeb9874f2f9adad6508a23f04e62f8403fb1b88349281a1cbbaae1454
• Instruction ID: 6cb6e44049075c474657ecd72cd316fad84f99d530bb8d46b77226e0eb319397
• Opcode Fuzzy Hash: 6bf9756eeb9874f2f9adad6508a23f04e62f8403fb1b88349281a1cbbaae1454
• Instruction Fuzzy Hash: 32415F71A0860AFBDF19AF64C848BFEB774FB15324F24421AE425A32D1C7709A54CF51
APIs
• GetInputState.USER32 ref: 001E38CB
• TranslateAcceleratorW.USER32(?,00000000,?), ref: 001E3922
• TranslateMessage.USER32(?), ref: 001E394B
• DispatchMessageW.USER32(?), ref: 001E3955
• PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 001E3966
                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                        • API ID: Message$Translate$AcceleratorDispatchInputPeekState
                                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 2256411358-0
APIs
• InternetQueryDataAvailable.WININET(?,?,00000000,00000000,00000000,?,00000000,?,?,?,001EC21E,00000000), ref: 001ECF38
• InternetReadFile.WININET(?,00000000,?,?), ref: 001ECF6F
• GetLastError.KERNEL32(?,00000000,?,?,?,001EC21E,00000000), ref: 001ECFB4
• SetEvent.KERNEL32(?,?,00000000,?,?,?,001EC21E,00000000), ref: 001ECFC8
• SetEvent.KERNEL32(?,?,00000000,?,?,?,001EC21E,00000000), ref: 001ECFF2
Similarity
• API ID: EventInternet$AvailableDataErrorFileLastQueryRead
• String ID:
• API String ID: 3191363074-0
APIs
• GetWindowRect.USER32(?,?), ref: 001D1915
• PostMessageW.USER32(00000001,00000201,00000001), ref: 001D19C1
• Sleep.KERNEL32(00000000,?,?,?), ref: 001D19C9
• PostMessageW.USER32(00000001,00000202,00000000), ref: 001D19DA
• Sleep.KERNEL32(00000000,?,?,?,?), ref: 001D19E2
Similarity
• API ID: MessagePostSleep$RectWindow
• String ID:
• API String ID: 3382505437-0
APIs
• SendMessageW.USER32(?,00001053,000000FF,?), ref: 00205745
• SendMessageW.USER32(?,00001074,?,00000001), ref: 0020579D
• _wcslen.LIBCMT ref: 002057AF
• _wcslen.LIBCMT ref: 002057BA
• SendMessageW.USER32(?,00001002,00000000,?), ref: 00205816
Similarity
• API ID: MessageSend$_wcslen
• String ID:
• API String ID: 763830540-0
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 38a5964d0839b59fb45b3dc4d2cf8e46db57a2bf9a565d3e5861b82d0fa0c8a6
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: e82ac8fded7e2d7c22f22e09eb20ef0e1f8ed48b3733aba16fc739bad73fcef3
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 38a5964d0839b59fb45b3dc4d2cf8e46db57a2bf9a565d3e5861b82d0fa0c8a6
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8821A575924729AADF208F60DC84AEEB7BCFF44724F108216F919EA1D2D7B08995CF50
                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                        • IsWindow.USER32(00000000), ref: 001F0951
                                                                                                                                                                                                                                                                                                                                                                                        • GetForegroundWindow.USER32 ref: 001F0968
                                                                                                                                                                                                                                                                                                                                                                                        • GetDC.USER32(00000000), ref: 001F09A4
                                                                                                                                                                                                                                                                                                                                                                                        • GetPixel.GDI32(00000000,?,00000003), ref: 001F09B0
                                                                                                                                                                                                                                                                                                                                                                                        • ReleaseDC.USER32(00000000,00000003), ref: 001F09E8
                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_170000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                        • API ID: Window$ForegroundPixelRelease
                                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 4156661090-0
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 3a1d766aaea50812f0edc11db3a404767b8e6e84fa98048d82af809bd8db250e
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: fc3abced1c927a3f46ba8d678b57d5861adfd65619a1cab5a841ef22055f7afd
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3a1d766aaea50812f0edc11db3a404767b8e6e84fa98048d82af809bd8db250e
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: C4216F75600204AFD714EF65D889AAEBBF9FF58704F148168F94A97362DB70AC04CB50
                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                        • GetEnvironmentStringsW.KERNEL32 ref: 001ACDC6
                                                                                                                                                                                                                                                                                                                                                                                        • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 001ACDE9
                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 001A3820: RtlAllocateHeap.NTDLL(00000000,?,00241444,?,0018FDF5,?,?,0017A976,00000010,00241440,001713FC,?,001713C6,?,00171129), ref: 001A3852
                                                                                                                                                                                                                                                                                                                                                                                        • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 001ACE0F
                                                                                                                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 001ACE22
                                                                                                                                                                                                                                                                                                                                                                                        • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 001ACE31
                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_170000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                        • API ID: ByteCharEnvironmentMultiStringsWide$AllocateFreeHeap_free
                                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 336800556-0
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 94b369f4de5b469c97d12728ec7cfb97ac5bf064e2b89dcdd450359a8ff5e1ed
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: d3ec915c6d7518b99539f949da7e6bd272910a38644868045c97366f736cffac
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 94b369f4de5b469c97d12728ec7cfb97ac5bf064e2b89dcdd450359a8ff5e1ed
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 740184BA6013157F672117BA6C8CD7BAD6DDEC7BA13250229F905D7201EB718D0181F0
                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                        • ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00189693
                                                                                                                                                                                                                                                                                                                                                                                        • SelectObject.GDI32(?,00000000), ref: 001896A2
                                                                                                                                                                                                                                                                                                                                                                                        • BeginPath.GDI32(?), ref: 001896B9
                                                                                                                                                                                                                                                                                                                                                                                        • SelectObject.GDI32(?,00000000), ref: 001896E2
                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID: ObjectSelect$BeginCreatePath
• String ID:
• API String ID: 3225163088-0
• Opcode ID: 329cff5ceaf5cc3eadd2f6f55bb2169f027e5d07da225594347588a0c0f2fe88
• Instruction ID: 1ef52101c3d945e352ffe81505a1e7b5a99d4fcfe164a7a2969aec8a477741ea
• Opcode Fuzzy Hash: 329cff5ceaf5cc3eadd2f6f55bb2169f027e5d07da225594347588a0c0f2fe88
• Instruction Fuzzy Hash: 75218E74802345EFDB11AF64FC0CBB97BA9BB12725F340216F424A61B1E3709AA1CF90
APIs
Memory Dump Source
• Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
• Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID: _memcmp
• String ID:
• API String ID: 2931989736-0
• Opcode ID: 5892c944cd209b3323653becf88b39031b8e71de3345934efeb6dd21112b93c7
• Instruction ID: bb8a8f54ec190e54c1f28be7bc8a82acd7bc9a456f1eef8efd96ccd6ef8a9fae
• Opcode Fuzzy Hash: 5892c944cd209b3323653becf88b39031b8e71de3345934efeb6dd21112b93c7
• Instruction Fuzzy Hash: 48019B71681705FBE71855109E43FBA735EAB32364B504022FD145A782F761ED5086A0
APIs
• GetLastError.KERNEL32(?,?,?,0019F2DE,001A3863,00241444,?,0018FDF5,?,?,0017A976,00000010,00241440,001713FC,?,001713C6), ref: 001A2DFD
• _free.LIBCMT ref: 001A2E32
• _free.LIBCMT ref: 001A2E59
• SetLastError.KERNEL32(00000000,00171129), ref: 001A2E66
• SetLastError.KERNEL32(00000000,00171129), ref: 001A2E6F
Similarity
• API ID: ErrorLast$_free
• String ID:
• API String ID: 3170660625-0
• Opcode ID: f271b16c63c8042028fb4c03cb949ff7ab0fcd87a20f44106d3ffe9ad960bdc3
• Instruction ID: da50d59c88ed406db4baa3e7f580bb0dd12ce711584e0f450f94340be77bb022
• Opcode Fuzzy Hash: f271b16c63c8042028fb4c03cb949ff7ab0fcd87a20f44106d3ffe9ad960bdc3
• Instruction Fuzzy Hash: 6001F47E2056006BC626673D7C8AE2B2659ABE37B5B310129F425E2293EB70CC815120
APIs
• CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,001CFF41,80070057,?,?,?,001D035E), ref: 001D002B
• ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,001CFF41,80070057,?,?), ref: 001D0046
• lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,001CFF41,80070057,?,?), ref: 001D0054
• CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,001CFF41,80070057,?), ref: 001D0064
• CLSIDFromString.OLE32(?,?,?,?,?,00000000,?,?,?,-C000001E,00000001,?,001CFF41,80070057,?,?), ref: 001D0070
Similarity
• API ID: From$Prog$FreeStringTasklstrcmpi
• String ID:
• API String ID: 3897988419-0
• Opcode ID: 536366675e806ce1e734da4db604c83e68cc4e6fde6ef467febefe3e8d722ec9
• Instruction ID: f85c77e49a51c4081da5a13b2b21f40d2e791b92cf58f832208f272f5fe3c803
• Opcode Fuzzy Hash: 536366675e806ce1e734da4db604c83e68cc4e6fde6ef467febefe3e8d722ec9
• Instruction Fuzzy Hash: 8F01A2B2600304BFDB124F68EC48BAA7AEDEF88792F248225F905D2311D771DD408BA0
APIs
• QueryPerformanceCounter.KERNEL32(?), ref: 001DE997
• QueryPerformanceFrequency.KERNEL32(?), ref: 001DE9A5
• Sleep.KERNEL32(00000000), ref: 001DE9AD
• QueryPerformanceCounter.KERNEL32(?), ref: 001DE9B7
• Sleep.KERNEL32 ref: 001DE9F3
                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_170000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                        • API ID: PerformanceQuery$CounterSleep$Frequency
                                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 2833360925-0
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 68fd3141b48a9f8e658473d283187ed07e475475827082a09b59ca2c25ab09e9
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: ef201ad838cfbf30bfc160b79162a79d193c15077318ebe6eed1b9fe04d77190
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 68fd3141b48a9f8e658473d283187ed07e475475827082a09b59ca2c25ab09e9
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: B1015E71C02629DBCF04AFE4E86D6EDBBB8BB08305F110656E501B6241CB30555487A1
APIs
• GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 001D1114
• GetLastError.KERNEL32(?,00000000,00000000,?,?,001D0B9B,?,?,?), ref: 001D1120
• GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,001D0B9B,?,?,?), ref: 001D112F
• HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,001D0B9B,?,?,?), ref: 001D1136
• GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 001D114D
Similarity
• API ID: HeapObjectSecurityUser$AllocErrorLastProcess
• String ID:
• API String ID: 842720411-0
• Opcode ID: 155b4b75780201643746ab3a08a156a78054c58bb70839a9763252ca5fa7d2ac
• Instruction ID: cd9374658278272204145603e6f0c55f7b82f1aec0f64b6ec1648c611b4f78ba
• Opcode Fuzzy Hash: 155b4b75780201643746ab3a08a156a78054c58bb70839a9763252ca5fa7d2ac
• Instruction Fuzzy Hash: FC0119B5200305BFEB114FA5EC4DA6A7B7EEF893A0B244529FA45D7361DB31DC009A60
APIs
• GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 001D0FCA
• GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 001D0FD6
• GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 001D0FE5
• HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 001D0FEC
• GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 001D1002
Similarity
• API ID: HeapInformationToken$AllocErrorLastProcess
• String ID:
• API String ID: 44706859-0
• Opcode ID: 5132c324cad8f6c6607a9c0e96ba1ba3753fe7491847156c9168c2cc0c6b49ac
• Instruction ID: 9c4f1cb45723103b25d78cae7843c87c9fbc8c116da60ca28a2d196d73855aac
• Opcode Fuzzy Hash: 5132c324cad8f6c6607a9c0e96ba1ba3753fe7491847156c9168c2cc0c6b49ac
• Instruction Fuzzy Hash: 87F04F75100311BBD7215FA4AC4DF563B6EEF89761F204515F949C6252CA70DC408A60
APIs
• GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 001D102A
• GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 001D1036
• GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 001D1045
• HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 001D104C
• GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 001D1062
                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_170000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                        • API ID: HeapInformationToken$AllocErrorLastProcess
                                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 44706859-0
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 5856ea6562b7a17774536d8f949b2cabbbfa2ed4aaf6e7d44e2bc43f65f9aab7
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 10e99ecf48df94d954f501f11d984a376e8f8ab8ae51d80296e5cd2ba248782e
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 5856ea6562b7a17774536d8f949b2cabbbfa2ed4aaf6e7d44e2bc43f65f9aab7
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6AF049B5200311BBDB216FA4EC4DF563BAEEF89761F200925FA49C6251CA70D840CA60
                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                        • CloseHandle.KERNEL32(?,?,?,?,001E017D,?,001E32FC,?,00000001,001B2592,?), ref: 001E0324
                                                                                                                                                                                                                                                                                                                                                                                        • CloseHandle.KERNEL32(?,?,?,?,001E017D,?,001E32FC,?,00000001,001B2592,?), ref: 001E0331
                                                                                                                                                                                                                                                                                                                                                                                        • CloseHandle.KERNEL32(?,?,?,?,001E017D,?,001E32FC,?,00000001,001B2592,?), ref: 001E033E
                                                                                                                                                                                                                                                                                                                                                                                        • CloseHandle.KERNEL32(?,?,?,?,001E017D,?,001E32FC,?,00000001,001B2592,?), ref: 001E034B
                                                                                                                                                                                                                                                                                                                                                                                        • CloseHandle.KERNEL32(?,?,?,?,001E017D,?,001E32FC,?,00000001,001B2592,?), ref: 001E0358
                                                                                                                                                                                                                                                                                                                                                                                        • CloseHandle.KERNEL32(?,?,?,?,001E017D,?,001E32FC,?,00000001,001B2592,?), ref: 001E0365
                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_170000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                        • API ID: CloseHandle
                                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 2962429428-0
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 06864dc026a28589bd25e5e07b9f6df09ec317b73748cc18a34afb4a7960d835
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 9a5a32c8ec7d2161a20ae3aa5b46b216bf29dc31d2210fd9c64307a75e287cf5
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 06864dc026a28589bd25e5e07b9f6df09ec317b73748cc18a34afb4a7960d835
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: E401AE72800F559FCB31AF66D88081AFBF9BF643153158A3FD19652931C3B1A998CF80
                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 001AD752
                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 001A29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,001AD7D1,00000000,00000000,00000000,00000000,?,001AD7F8,00000000,00000007,00000000,?,001ADBF5,00000000), ref: 001A29DE
                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 001A29C8: GetLastError.KERNEL32(00000000,?,001AD7D1,00000000,00000000,00000000,00000000,?,001AD7F8,00000000,00000007,00000000,?,001ADBF5,00000000,00000000), ref: 001A29F0
                                                                                                                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 001AD764
                                                                                                                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 001AD776
                                                                                                                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 001AD788
                                                                                                                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 001AD79A
                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_170000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                        • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 776569668-0
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 7a4288517705ab728f933b9fd8d5a6f5d461c9bccdcc4e3898b5bc4d468dd3f0
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 35b480dbfb48140844abe37887928b6f3462998cebc4f5fc695b586340f697c5
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7a4288517705ab728f933b9fd8d5a6f5d461c9bccdcc4e3898b5bc4d468dd3f0
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 76F0963A504718AFC665EBA8F9C6C2B77DDBB06718BA50C05F049E7911C730FC808761
                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                        • GetDlgItem.USER32(?,000003E9), ref: 001D5C58
                                                                                                                                                                                                                                                                                                                                                                                        • GetWindowTextW.USER32(00000000,?,00000100), ref: 001D5C6F
• MessageBeep.USER32(00000000), ref: 001D5C87
• KillTimer.USER32(?,0000040A), ref: 001D5CA3
• EndDialog.USER32(?,00000001), ref: 001D5CBD
Memory Dump Source
• Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
• Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID: BeepDialogItemKillMessageTextTimerWindow
• String ID:
• API String ID: 3741023627-0
• Opcode ID: 9ac6fd742698fb3c380abeb838e2801fd45dbaf4b7efbcd0121b630ed4383b11
• Instruction ID: 9df9c09801d843d91ec8d66f3cd15b29a56b8b1a53e547b6ae7f38705e4135cf
• Opcode Fuzzy Hash: 9ac6fd742698fb3c380abeb838e2801fd45dbaf4b7efbcd0121b630ed4383b11
• Instruction Fuzzy Hash: C101A470510B04ABEB345B10ED4EFA67BBDBF00B45F14066AB583A11E2DBF5AD84CB90
APIs
• _free.LIBCMT ref: 001A22BE
  • Part of subcall function 001A29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,001AD7D1,00000000,00000000,00000000,00000000,?,001AD7F8,00000000,00000007,00000000,?,001ADBF5,00000000), ref: 001A29DE
  • Part of subcall function 001A29C8: GetLastError.KERNEL32(00000000,?,001AD7D1,00000000,00000000,00000000,00000000,?,001AD7F8,00000000,00000007,00000000,?,001ADBF5,00000000,00000000), ref: 001A29F0
• _free.LIBCMT ref: 001A22D0
• _free.LIBCMT ref: 001A22E3
• _free.LIBCMT ref: 001A22F4
• _free.LIBCMT ref: 001A2305
Memory Dump Source
• Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
• Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID: _free$ErrorFreeHeapLast
• String ID:
• API String ID: 776569668-0
• Opcode ID: 4b4fc8da910c3df8a91b701aa4fe2d6046d9218466ff4e0340ef873c249bfb75
• Instruction ID: 379558d008bed8324a2cf8d62ff391c39e7183e55c600a4e55b09adf0d06baa1
• Opcode Fuzzy Hash: 4b4fc8da910c3df8a91b701aa4fe2d6046d9218466ff4e0340ef873c249bfb75
• Instruction Fuzzy Hash: 2FF03ABC8002308FC752AF68BC498293B64B72BB61B11051BF914E32B1CB3009A1AFE5
APIs
• EndPath.GDI32(?), ref: 001895D4
• StrokeAndFillPath.GDI32(?,?,001C71F7,00000000,?,?,?), ref: 001895F0
• SelectObject.GDI32(?,00000000), ref: 00189603
• DeleteObject.GDI32 ref: 00189616
• StrokePath.GDI32(?), ref: 00189631
Memory Dump Source
• Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
• Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID: Path$ObjectStroke$DeleteFillSelect
• String ID:
• API String ID: 2625713937-0
• Opcode ID: 194bb0aff0e9099329efc971000290b13c65c5956d11d17d9f29f9e68be8d1e4
• Instruction ID: 51a1b1e3b11e32fcde21cd75c4211f9e3ee1dbd753b49afa1afc1a407ce5ac2f
• Opcode Fuzzy Hash: 194bb0aff0e9099329efc971000290b13c65c5956d11d17d9f29f9e68be8d1e4
• Instruction Fuzzy Hash: A4F03738006348EBDB266F69FD1CB743B61AB02722F288314F429550F1D7308AA5DF20
                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID: __freea$_free
• String ID: a/p$am/pm
APIs
  • Part of subcall function 00190242: EnterCriticalSection.KERNEL32(0024070C,00241884,?,?,0018198B,00242518,?,?,?,001712F9,00000000), ref: 0019024D
  • Part of subcall function 00190242: LeaveCriticalSection.KERNEL32(0024070C,?,0018198B,00242518,?,?,?,001712F9,00000000), ref: 0019028A
  • Part of subcall function 001900A3: __onexit.LIBCMT ref: 001900A9
• __Init_thread_footer.LIBCMT ref: 001F6238
  • Part of subcall function 001901F8: EnterCriticalSection.KERNEL32(0024070C,?,?,00188747,00242514), ref: 00190202
  • Part of subcall function 001901F8: LeaveCriticalSection.KERNEL32(0024070C,?,00188747,00242514), ref: 00190235
  • Part of subcall function 001E359C: LoadStringW.USER32(00000066,?,00000FFF,00000000), ref: 001E35E4
  • Part of subcall function 001E359C: LoadStringW.USER32(00242390,?,00000FFF,?), ref: 001E360A
Strings
Memory Dump Source
• Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID: CriticalSection$EnterLeaveLoadString$Init_thread_footer__onexit
• String ID: x#$$x#$$x#$
APIs
  • Part of subcall function 00190242: EnterCriticalSection.KERNEL32(0024070C,00241884,?,?,0018198B,00242518,?,?,?,001712F9,00000000), ref: 0019024D
  • Part of subcall function 00190242: LeaveCriticalSection.KERNEL32(0024070C,?,0018198B,00242518,?,?,?,001712F9,00000000), ref: 0019028A
  • Part of subcall function 00179CB3: _wcslen.LIBCMT ref: 00179CBD
  • Part of subcall function 001900A3: __onexit.LIBCMT ref: 001900A9
• __Init_thread_footer.LIBCMT ref: 001F7BFB
  • Part of subcall function 001901F8: EnterCriticalSection.KERNEL32(0024070C,?,?,00188747,00242514), ref: 00190202
  • Part of subcall function 001901F8: LeaveCriticalSection.KERNEL32(0024070C,?,00188747,00242514), ref: 00190235
Strings
Memory Dump Source
• Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID: CriticalSection$EnterLeave$Init_thread_footer__onexit_wcslen
• String ID: 5$G$Variable must be of type 'Object'.
APIs
  • Part of subcall function 001DB403: WriteProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,001D21D0,?,?,00000034,00000800,?,00000034), ref: 001DB42D
• SendMessageW.USER32(?,00001104,00000000,00000000), ref: 001D2760
  • Part of subcall function 001DB3CE: ReadProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,001D21FF,?,?,00000800,?,00001073,00000000,?,?), ref: 001DB3F8
  • Part of subcall function 001DB32A: GetWindowThreadProcessId.USER32(?,?), ref: 001DB355
  • Part of subcall function 001DB32A: OpenProcess.KERNEL32(00000438,00000000,?,?,?,001D2194,00000034,?,?,00001004,00000000,00000000), ref: 001DB365
  • Part of subcall function 001DB32A: VirtualAllocEx.KERNEL32(00000000,00000000,?,00001000,00000004,?,?,001D2194,00000034,?,?,00001004,00000000,00000000), ref: 001DB37B
• SendMessageW.USER32(?,00001111,00000000,00000000), ref: 001D27CD
• SendMessageW.USER32(?,00001111,00000000,00000000), ref: 001D281A
Strings
Memory Dump Source
• Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_170000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                        • API ID: Process$MessageSend$Memory$AllocOpenReadThreadVirtualWindowWrite
                                                                                                                                                                                                                                                                                                                                                                                        • String ID: @
                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 4150878124-2766056989
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 9183785e672733e560eaed7b8c1467453e64fd5a0d0379bf70756e5fa7ef4b50
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 7ec09df98a0077bac963a6a4e42ad1ca371c14c6b860c56906d573109a8127ab
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 9183785e672733e560eaed7b8c1467453e64fd5a0d0379bf70756e5fa7ef4b50
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F4413C72900218BFDB10DBA4CD85EEEBBB8EF59300F104056FA55B7281DB716E45DBA0
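The API chain in the block above (GetWindowThreadProcessId, OpenProcess, VirtualAllocEx, ReadProcessMemory, then SendMessageW with message 0x1111) is a cross-process memory access pattern, and the constant arguments Joe Sandbox recovered say exactly how far it reaches. The following Python helper is added here as an example; it is not part of the Joe Sandbox report or of the analysed sample. It parses the report's `Api.MODULE(args), ref: addr` lines and decodes the constants: the OpenProcess access mask 0x438 is PROCESS_VM_OPERATION | PROCESS_VM_READ | PROCESS_VM_WRITE | PROCESS_QUERY_INFORMATION, the VirtualAllocEx arguments 0x1000 / 0x4 are MEM_COMMIT / PAGE_READWRITE, and SendMessageW message 0x1111 is TVM_HITTEST (TV_FIRST + 17 in commctrl.h). The sample input is the block's own API lines copied from the report; the summary keys it emits (`remote_memory_write`, `remote_thread_capable`) are this helper's labels, not Joe Sandbox signatures.

```python
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample input: the API lines of the function block above, copied from the report.
REPORT_LINES = [
    "Part of subcall function 001DB3CE: ReadProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,001D21FF,?,?,00000800,?,00001073,00000000,?,?), ref: 001DB3F8",
    "Part of subcall function 001DB32A: GetWindowThreadProcessId.USER32(?,?), ref: 001DB355",
    "Part of subcall function 001DB32A: OpenProcess.KERNEL32(00000438,00000000,?,?,?,001D2194,00000034,?,?,00001004,00000000,00000000), ref: 001DB365",
    "Part of subcall function 001DB32A: VirtualAllocEx.KERNEL32(00000000,00000000,?,00001000,00000004,?,?,001D2194,00000034,?,?,00001004,00000000,00000000), ref: 001DB37B",
    "SendMessageW.USER32(?,00001111,00000000,00000000), ref: 001D27CD",
]

# Joe Sandbox prints a call as Api.MODULE(arg,arg,...), ref: address, where '?' marks an
# argument the static analyser could not resolve. The list is the stack as seen at the call,
# so only the first N entries are the API's real parameters.
API_LINE = re.compile(
    r"(?P<api>[A-Za-z_]\w*)\.(?P<module>\w+)\((?P<args>[^)]*)\),\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)"
)

# Bit values from winnt.h / memoryapi.h / commctrl.h.
PROCESS_ACCESS: Dict[int, str] = {
    0x0001: "PROCESS_TERMINATE", 0x0002: "PROCESS_CREATE_THREAD",
    0x0008: "PROCESS_VM_OPERATION", 0x0010: "PROCESS_VM_READ", 0x0020: "PROCESS_VM_WRITE",
    0x0040: "PROCESS_DUP_HANDLE", 0x0080: "PROCESS_CREATE_PROCESS", 0x0100: "PROCESS_SET_QUOTA",
    0x0200: "PROCESS_SET_INFORMATION", 0x0400: "PROCESS_QUERY_INFORMATION",
    0x0800: "PROCESS_SUSPEND_RESUME", 0x1000: "PROCESS_QUERY_LIMITED_INFORMATION",
}
MEM_ALLOC_TYPE = {0x1000: "MEM_COMMIT", 0x2000: "MEM_RESERVE", 0x100000: "MEM_TOP_DOWN"}
PAGE_PROTECT = {
    0x01: "PAGE_NOACCESS", 0x02: "PAGE_READONLY", 0x04: "PAGE_READWRITE", 0x08: "PAGE_WRITECOPY",
    0x10: "PAGE_EXECUTE", 0x20: "PAGE_EXECUTE_READ", 0x40: "PAGE_EXECUTE_READWRITE",
}
TV_FIRST = 0x1100
TREEVIEW_MSG = {TV_FIRST + 5: "TVM_GETCOUNT", TV_FIRST + 10: "TVM_GETNEXTITEM",
                TV_FIRST + 17: "TVM_HITTEST", TV_FIRST + 62: "TVM_GETITEMW"}


def parse_api_line(line: str) -> Optional[dict]:
    """Split one report line into api name, module, hex arguments (None for '?') and ref address."""
    m = API_LINE.search(line)
    if not m:
        return None
    args: List[Optional[int]] = []
    for tok in m.group("args").split(","):
        try:
            args.append(int(tok.strip(), 16))
        except ValueError:
            args.append(None)  # '?' or a string literal such as a file path
    return {"api": m.group("api"), "module": m.group("module"),
            "args": args, "ref": int(m.group("ref"), 16)}


def decode_flags(value: int, table: Dict[int, str]) -> Tuple[List[str], int]:
    """Name every known bit set in value; return the names and any unexplained remainder."""
    names, rest = [], value
    for bit in sorted(table):
        if (rest & bit) == bit:
            names.append(table[bit])
            rest &= ~bit
    return names, rest


def classify_block(lines: List[str]) -> dict:
    """Summarise what a function block's API chain can do to another process."""
    calls = [c for c in map(parse_api_line, lines) if c]
    apis = {c["api"] for c in calls}
    access = 0
    tv_msgs: List[str] = []
    for c in calls:
        a = c["args"]
        if c["api"] == "OpenProcess" and a and a[0] is not None:
            access |= a[0]                       # dwDesiredAccess
        if c["api"] == "SendMessageW" and len(a) > 1 and a[1] in TREEVIEW_MSG:
            tv_msgs.append(TREEVIEW_MSG[a[1]])   # uMsg
    return {
        "apis": sorted(apis),
        "open_process_access": decode_flags(access, PROCESS_ACCESS)[0],
        # Can allocate and fill a buffer inside the target: VM_OPERATION + VM_WRITE + VirtualAllocEx.
        "remote_memory_write": bool(access & 0x0008) and bool(access & 0x0020) and "VirtualAllocEx" in apis,
        # PROCESS_CREATE_THREAD is what CreateRemoteThread needs; it is absent in this block.
        "remote_thread_capable": bool(access & 0x0002),
        "treeview_messages": tv_msgs,
    }


if __name__ == "__main__":
    for c in map(parse_api_line, REPORT_LINES):
        if c["api"] == "OpenProcess":
            print("OpenProcess access:", " | ".join(decode_flags(c["args"][0], PROCESS_ACCESS)[0]))
        if c["api"] == "VirtualAllocEx":
            print("VirtualAllocEx:", decode_flags(c["args"][3], MEM_ALLOC_TYPE)[0],
                  decode_flags(c["args"][4], PAGE_PROTECT)[0])
    print(classify_block(REPORT_LINES))
```

The caveat worth keeping in mind when reading this block: the mask has no PROCESS_CREATE_THREAD and the page protection is PAGE_READWRITE, not executable. The chain can therefore allocate and fill a buffer in the target and read it back, which is exactly what is required to send TVM_HITTEST or TVM_GETITEMW to a SysTreeView32 owned by another process (those messages take pointers to structures that must live in the receiving process), but it cannot by itself start code there. Treat it as cross-process window-control access rather than as evidence of code injection unless a CreateRemoteThread or NtCreateThreadEx call appears elsewhere in the report.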
APIs
• GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\file.exe,00000104), ref: 001A1769
• _free.LIBCMT ref: 001A1834
• _free.LIBCMT ref: 001A183E
Strings
Memory Dump Source
• Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
• Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID: _free$FileModuleName
• String ID: C:\Users\user\Desktop\file.exe
• API String ID: 2506810119-1957095476
• Opcode ID: e132086fd1ab14174a7d1536c6d5256401cc3f0c15a1045251361bfb2aa391e9
• Instruction ID: 476e6273210456d25d2060d029ef566e62354f587a8a6db2132f20909fab9ee5
• Opcode Fuzzy Hash: e132086fd1ab14174a7d1536c6d5256401cc3f0c15a1045251361bfb2aa391e9
• Instruction Fuzzy Hash: 7D316E79A44218BFDB21DB999885D9EBBFCEB96310F14416AF905D7211D7B08E80CB90
APIs
• GetMenuItemInfoW.USER32(00000004,00000000,00000000,?), ref: 001DC306
• DeleteMenu.USER32(?,00000007,00000000), ref: 001DC34C
• DeleteMenu.USER32(?,00000000,00000000,?,00000000,00000000,00241990,00D06DA0), ref: 001DC395
Strings
Memory Dump Source
• Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
• Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID: Menu$Delete$InfoItem
• String ID: 0
• API String ID: 135850232-4108050209
• Opcode ID: bdfc3cd3d185d74b460c2eae44ffdfff15ef8be152c2d44485428436a7065eb1
• Instruction ID: 0844ea3bca38536ebb474f5496c95625f5ccad0464663e68bd27280e9ef9a375
• Opcode Fuzzy Hash: bdfc3cd3d185d74b460c2eae44ffdfff15ef8be152c2d44485428436a7065eb1
• Instruction Fuzzy Hash: C641A271204342AFDB24DF29D884B5ABBE4BF95310F148A1EF9A5973D1D770E904CBA2
APIs
• SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000013,?,?,SysTreeView32,0020CC08,00000000,?,?,?,?), ref: 002044AA
• GetWindowLongW.USER32 ref: 002044C7
• SetWindowLongW.USER32(?,000000F0,00000000), ref: 002044D7
Strings
Memory Dump Source
• Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
• Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
                                                                                                                                                                                                                                                                                                                                                                                        • API ID: Window$Long
                                                                                                                                                                                                                                                                                                                                                                                        • String ID: SysTreeView32
                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 847901565-1698111956
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: bcdc9a10e065eb04961c380e8e860967a08e35fe8140075fe7c70ac6d7e9892a
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: cd176c47808af3e1b016b77b8afac58d52863d541e072d2e4d12f963122a1d4b
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: bcdc9a10e065eb04961c380e8e860967a08e35fe8140075fe7c70ac6d7e9892a
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 813183B1120706AFDB20AF34DC45BDA7BA9EB55334F208715FA75921D2D770EC609B50
                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 001F335B: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,?,?,?,?,001F3077,?,?), ref: 001F3378
                                                                                                                                                                                                                                                                                                                                                                                        • inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 001F307A
                                                                                                                                                                                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 001F309B
                                                                                                                                                                                                                                                                                                                                                                                        • htons.WSOCK32(00000000,?,?,00000000), ref: 001F3106
                                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_170000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                        • API ID: ByteCharMultiWide_wcslenhtonsinet_addr
                                                                                                                                                                                                                                                                                                                                                                                        • String ID: 255.255.255.255
                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 946324512-2422070025
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: ed459802898cafc384d9df7090987fb9a1be16b2fed99d21aecb1c193797d95e
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 6d85f1c0e80c27677660ed8fad627401f07d7278bf3a249afdd681db74d83e1b
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ed459802898cafc384d9df7090987fb9a1be16b2fed99d21aecb1c193797d95e
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7731D3756042099FCB20CF28C485EBA77F0EF54318F25C15AEA258B392DB72EE45C761
                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(00000000,00001009,00000000,?), ref: 00203F40
                                                                                                                                                                                                                                                                                                                                                                                        • SetWindowPos.USER32(?,00000000,?,?,?,?,00000004), ref: 00203F54
                                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00001002,00000000,?), ref: 00203F78
                                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_170000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                        • API ID: MessageSend$Window
                                                                                                                                                                                                                                                                                                                                                                                        • String ID: SysMonthCal32
                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 2326795674-1439706946
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 56b2274f80cbb007e83534aaf04b6bcb23e385eb9244c2ece293e43a33a54d5b
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 1e739cd9207cfbd5cff5f0c677b114415cc3ad9316750ed36b741ee7438beb13
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 56b2274f80cbb007e83534aaf04b6bcb23e385eb9244c2ece293e43a33a54d5b
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D521BF3261021ABBDF25CF50DC4AFEA3B79EF48714F110214FA196B1D1DAB1A860CB90
                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(00000000,00000469,?,00000000), ref: 00204705
                                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(00000000,00000465,00000000,80017FFF), ref: 00204713
                                                                                                                                                                                                                                                                                                                                                                                        • DestroyWindow.USER32(00000000,00000000,?,?,?,00000000,msctls_updown32,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 0020471A
                                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID: MessageSend$DestroyWindow
• String ID: msctls_updown32
• API String ID: 4014797782-2298589950
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID: _wcslen
• String ID: #OnAutoItStartRegister$#notrayicon$#requireadmin
• API String ID: 176396367-2734436370
APIs
• SendMessageW.USER32(00000000,00000180,00000000,?), ref: 00203840
• SendMessageW.USER32(?,00000186,00000000,00000000), ref: 00203850
• MoveWindow.USER32(00000000,?,?,?,?,00000000,?,?,Listbox,00000000,00000000,?,?,?,?,?), ref: 00203876
Strings
Memory Dump Source
• Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID: MessageSend$MoveWindow
• String ID: Listbox
• API String ID: 3315199576-2633736733
APIs
• SetErrorMode.KERNEL32(00000001), ref: 001E4A08
• GetVolumeInformationW.KERNEL32(?,?,00007FFF,?,00000000,00000000,00000000,00000000), ref: 001E4A5C
• SetErrorMode.KERNEL32(00000000,?,?,0020CC08), ref: 001E4AD0
Strings
Memory Dump Source
• Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID: ErrorMode$InformationVolume
• String ID: %lu
• API String ID: 2507767853-685833217
APIs
• SendMessageW.USER32(00000000,00000405,00000000,00000000), ref: 0020424F
• SendMessageW.USER32(?,00000406,00000000,00640000), ref: 00204264
• SendMessageW.USER32(?,00000414,0000000A,00000000), ref: 00204271
Strings
Memory Dump Source
• Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_170000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                        • API ID: MessageSend
                                                                                                                                                                                                                                                                                                                                                                                        • String ID: msctls_trackbar32
                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 3850602802-1010561917
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 183c212d48b50226488bb70435770d5968c8ebfefa9b152a1c27c8feafb1a089
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: c8668b13502f4975be88a84ed0c0ed9a6138d494f5182f6eadb0bb87ba808f73
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 183c212d48b50226488bb70435770d5968c8ebfefa9b152a1c27c8feafb1a089
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7D11E3B1350309BEEF206F28CC06FAB7BACEF95B54F114114FA55E20D1D671D8619B10
                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00176B57: _wcslen.LIBCMT ref: 00176B6A
                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 001D2DA7: SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 001D2DC5
                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 001D2DA7: GetWindowThreadProcessId.USER32(?,00000000), ref: 001D2DD6
                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 001D2DA7: GetCurrentThreadId.KERNEL32 ref: 001D2DDD
                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 001D2DA7: AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 001D2DE4
                                                                                                                                                                                                                                                                                                                                                                                        • GetFocus.USER32 ref: 001D2F78
                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 001D2DEE: GetParent.USER32(00000000), ref: 001D2DF9
                                                                                                                                                                                                                                                                                                                                                                                        • GetClassNameW.USER32(?,?,00000100), ref: 001D2FC3
                                                                                                                                                                                                                                                                                                                                                                                        • EnumChildWindows.USER32(?,001D303B), ref: 001D2FEB
                                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_170000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                        • API ID: Thread$AttachChildClassCurrentEnumFocusInputMessageNameParentProcessSendTimeoutWindowWindows_wcslen
                                                                                                                                                                                                                                                                                                                                                                                        • String ID: %s%d
                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 1272988791-1110647743
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 96d946abb62b1ba3ee92e531705faa447f3463643de6cf7b897167d6289a1476
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: c41e3894c546b6e6e4fe6fd0811d82de40ef4dbb9c4450c3e857935166cab559
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 96d946abb62b1ba3ee92e531705faa447f3463643de6cf7b897167d6289a1476
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8911E4B53002056BCF147FB09C85EEE376AAFA4304F148076F9199B293DF319A098B60
                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                        • GetMenuItemInfoW.USER32(?,?,?,00000030), ref: 002058C1
                                                                                                                                                                                                                                                                                                                                                                                        • SetMenuItemInfoW.USER32(?,?,?,00000030), ref: 002058EE
                                                                                                                                                                                                                                                                                                                                                                                        • DrawMenuBar.USER32(?), ref: 002058FD
                                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_170000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                        • API ID: Menu$InfoItem$Draw
                                                                                                                                                                                                                                                                                                                                                                                        • String ID: 0
                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 3227129158-4108050209
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 7a613f0be792b54ad0d3286c34e42c212076c03f1cf3ecd89f9b79d7f9a5b280
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: b59d4297bcab8ad7cb389c1c76fa4e62913349d8aa99c45488ea91757099cfc5
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7a613f0be792b54ad0d3286c34e42c212076c03f1cf3ecd89f9b79d7f9a5b280
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F4018B71510328EFDB209F11EC48BAFBBB4FF45361F108099E848D6192DB708AA0DF60
                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_170000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: dafd8248ce85e95692c4f3b92387582b180e3bd4235fd584be4f6e1fc215f1a0
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 9514c2b0facc528afb202ceaed74762d7cc666dd8cdc1571ebc895b7e4411b83
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: dafd8248ce85e95692c4f3b92387582b180e3bd4235fd584be4f6e1fc215f1a0
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: EEC13875A0020AEFDB15CFA8C898BAEB7B5FF48704F218599E505EB251D731EE41CB90
                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_170000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                        • API ID: __alldvrm$_strrchr
                                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 1036877536-0
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 190bec492484a18a97fe5f025dcdb3e473ceac46589bc02d4dbe4f94f5be8f6e
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: a82ee927ff3d939906a61d1033e8bb7e53f6ffeb693c566b141ce365873466f3
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 190bec492484a18a97fe5f025dcdb3e473ceac46589bc02d4dbe4f94f5be8f6e
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: EFA1787AD103869FEB26CF18C8917AEBBE4EFA3350F18416DF5958B281C3B49981C751
                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_170000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                        • API ID: Variant$ClearInitInitializeUninitialize
                                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 1998397398-0
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 11962d41d0c0447fcaed04a8161240ead5cce16135b5646761cc093705491f2d
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 1a3bb45613d510b8532eb367ed7aa463007669aebeb9e83bdbfdd229ed8e1b45
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 11962d41d0c0447fcaed04a8161240ead5cce16135b5646761cc093705491f2d
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D7A13A756043049FC700EF28C485A2AB7E5FF98714F148959F99A9B3A2DB30EE01CB91
                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                        • ProgIDFromCLSID.OLE32(?,00000000,?,00000000,00000800,00000000,?,0020FC08,?), ref: 001D05F0
                                                                                                                                                                                                                                                                                                                                                                                        • CoTaskMemFree.OLE32(00000000,00000000,?,00000000,00000800,00000000,?,0020FC08,?), ref: 001D0608
                                                                                                                                                                                                                                                                                                                                                                                        • CLSIDFromProgID.OLE32(?,?,00000000,0020CC40,000000FF,?,00000000,00000800,00000000,?,0020FC08,?), ref: 001D062D
                                                                                                                                                                                                                                                                                                                                                                                        • _memcmp.LIBVCRUNTIME ref: 001D064E
                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_170000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                        • API ID: FromProg$FreeTask_memcmp
                                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 314563124-0
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 43b5fafff00a363a7279f327d12508e2f7b2d621dc329ed19fd5d878d9e04451
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: baae43040a7be9c598a8de86acb18296139ee6c01d9d01eb39316754492454b3
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 43b5fafff00a363a7279f327d12508e2f7b2d621dc329ed19fd5d878d9e04451
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: C3810C71A00209EFCB05DF94C988EEEB7B9FF89315F204559E506AB250DB71AE46CF60
APIs
• CreateToolhelp32Snapshot.KERNEL32 ref: 001FA6AC
• Process32FirstW.KERNEL32(00000000,?), ref: 001FA6BA
  • Part of subcall function 00179CB3: _wcslen.LIBCMT ref: 00179CBD
• Process32NextW.KERNEL32(00000000,?), ref: 001FA79C
• CloseHandle.KERNEL32(00000000), ref: 001FA7AB
  • Part of subcall function 0018CE60: CompareStringW.KERNEL32(00000409,00000001,?,00000000,00000000,?,?,00000000,?,001B3303,?), ref: 0018CE8A (00000409 = en-US locale, 00000001 = NORM_IGNORECASE: case-insensitive comparison of each enumerated process name)
Memory Dump Source
• Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
• Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID: Process32$CloseCompareCreateFirstHandleNextSnapshotStringToolhelp32_wcslen
• String ID:
• API String ID: 1991900642-0
• Opcode ID: e5fa4af7c222a316d90b2ba76520a3db352e10aa09965a6bd1d903e153ac9cfe
• Instruction ID: 9310a3b57ab3577ac5f5f8787bed4b31263602a184ea51dcf4233fb42fd2b8ac
• Opcode Fuzzy Hash: e5fa4af7c222a316d90b2ba76520a3db352e10aa09965a6bd1d903e153ac9cfe
• Instruction Fuzzy Hash: 005139B1508304AFD710EF24D886A6BBBF8FF99754F50891DF58997252EB30D904CB92
APIs
Memory Dump Source
• Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
• Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID: _free
• String ID:
• API String ID: 269201875-0
• Opcode ID: 86e583573942f5fb7063fba101710c89ba5b192da80a3b0ed27c6d412ad96dcb
• Instruction ID: 735540039f23eeecd146a7ccd3686867aab691767b7836cd268a948bf0c2f556
• Opcode Fuzzy Hash: 86e583573942f5fb7063fba101710c89ba5b192da80a3b0ed27c6d412ad96dcb
• Instruction Fuzzy Hash: 13416A35A00100BBDF256BFD9C56BFE3AA4EF66370F660265F818D3192EB3489419262
APIs
• GetWindowRect.USER32(?,?), ref: 002062E2
• ScreenToClient.USER32(?,?), ref: 00206315
• MoveWindow.USER32(?,?,?,?,000000FF,00000001,?,?,?,?,?), ref: 00206382
Memory Dump Source
• Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
• Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID: Window$ClientMoveRectScreen
• String ID:
• API String ID: 3880355969-0
• Opcode ID: 617fd5f1c83c84ed1dfd415f5e22323571a0fc052b7da622756f47a03faf80b3
• Instruction ID: 3032de3d15c336de79ddebf7e72f7c71b3d1c71e903071da046ba763a169b309
• Opcode Fuzzy Hash: 617fd5f1c83c84ed1dfd415f5e22323571a0fc052b7da622756f47a03faf80b3
• Instruction Fuzzy Hash: 0E512C7491020AEFDB24DF54D888AAE7BB5EF45760F108299F8159B2E1D730EDA1CB90
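The next record lists one wsock32 import only by ordinal (`#21`), which leaves the call opaque in the report. The following script is an added example, not part of the Joe Sandbox report or of the sample's code: it parses the report's "APIs" lines, resolves wsock32/ws2_32 ordinals 1 to 23 from the Winsock 1.1 export table, names the Winsock constants passed to socket() and setsockopt() (Windows values: AF_INET = 2, SOCK_DGRAM = 2, IPPROTO_UDP = 17, SOL_SOCKET = 0xFFFF, SO_BROADCAST = 0x20), and flags a function that creates a UDP socket and enables broadcast. The sample input reproduces the API lines of that record; the helper names and the triage predicate are this example's own.

```python
# Added example (not from the Joe Sandbox report): decode a function record's
# "APIs" lines, resolving wsock32 imports listed by ordinal (such as "#21") and
# naming the Winsock constants passed to socket()/setsockopt().
# Ordinal table and constant values are the Windows (Winsock) ones.
import re

# Winsock 1.1 export ordinals 1-23, identical in wsock32.dll and ws2_32.dll.
WSOCK32_ORDINALS = {
    1: "accept", 2: "bind", 3: "closesocket", 4: "connect", 5: "getpeername",
    6: "getsockname", 7: "getsockopt", 8: "htonl", 9: "htons", 10: "ioctlsocket",
    11: "inet_addr", 12: "inet_ntoa", 13: "listen", 14: "ntohl", 15: "ntohs",
    16: "recv", 17: "recvfrom", 18: "select", 19: "send", 20: "sendto",
    21: "setsockopt", 22: "shutdown", 23: "socket",
}
AF = {2: "AF_INET", 23: "AF_INET6"}
SOCK_TYPE = {1: "SOCK_STREAM", 2: "SOCK_DGRAM", 3: "SOCK_RAW"}
PROTO = {0: "0", 6: "IPPROTO_TCP", 17: "IPPROTO_UDP"}
SOL_SOCKET = 0xFFFF
SOL_SOCKET_OPTS = {0x0004: "SO_REUSEADDR", 0x0008: "SO_KEEPALIVE",
                   0x0020: "SO_BROADCAST", 0x1005: "SO_SNDTIMEO", 0x1006: "SO_RCVTIMEO"}

# Report line shape: "<name>.<MODULE>(<hex args or ?>), ref: <hex address>"
LINE_RE = re.compile(
    r"(?P<name>#?\w+)\.(?P<module>\w+)(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)")


def parse_api_line(line):
    """Return {'api','module','args','ref'} for one APIs line, or None."""
    m = LINE_RE.search(line)
    if not m:
        return None
    name, module = m["name"], m["module"].upper()
    if name.startswith("#") and module in ("WSOCK32", "WS2_32"):
        name = WSOCK32_ORDINALS.get(int(name[1:]), name)  # keep "#NN" if unknown
    args = []
    if m["args"]:
        for a in m["args"].split(","):
            a = a.strip()
            args.append(None if a == "?" else int(a, 16))  # "?" = value not recovered
    return {"api": name, "module": module, "args": args, "ref": int(m["ref"], 16)}


def _h(v):
    return "?" if v is None else hex(v)


def describe(call):
    """Render a parsed call with symbolic Winsock constants where known."""
    api, a = call["api"], call["args"]
    if api == "socket" and len(a) == 3:
        return "socket(%s, %s, %s)" % (AF.get(a[0], _h(a[0])),
                                       SOCK_TYPE.get(a[1], _h(a[1])),
                                       PROTO.get(a[2], _h(a[2])))
    if api == "setsockopt" and len(a) == 5:
        level = "SOL_SOCKET" if a[1] == SOL_SOCKET else _h(a[1])
        opt = SOL_SOCKET_OPTS.get(a[2], _h(a[2])) if a[1] == SOL_SOCKET else _h(a[2])
        return "setsockopt(%s, %s, %s, optval=%s, optlen=%s)" % (
            _h(a[0]), level, opt, _h(a[3]), _h(a[4]))
    return "%s(%s)" % (api, ", ".join(_h(x) for x in a))


def decode_record(lines):
    """Decode every APIs line of one function record; non-API lines are skipped."""
    calls = [c for c in map(parse_api_line, lines) if c]
    return [(c["ref"], describe(c)) for c in calls]


def opens_udp_broadcast_socket(lines):
    """True when the record creates an AF_INET UDP socket and sets SO_BROADCAST on it."""
    calls = [c for c in map(parse_api_line, lines) if c]
    udp = any(c["api"] == "socket" and c["args"][:2] == [2, 2] for c in calls)
    bcast = any(c["api"] == "setsockopt" and len(c["args"]) == 5
                and c["args"][1] == SOL_SOCKET and c["args"][2] == 0x0020 for c in calls)
    return udp and bcast


# Sample input: the APIs lines of the socket()/#21 record in this report.
SOCKET_RECORD = [
    "• socket.WSOCK32(00000002,00000002,00000011), ref: 001F1AFD",
    "• WSAGetLastError.WSOCK32 ref: 001F1B0B",
    "• #21.WSOCK32(?,0000FFFF,00000020,00000002,00000004), ref: 001F1B8A",
    "• WSAGetLastError.WSOCK32 ref: 001F1B94",
    "Memory Dump Source",  # non-API line, ignored by the parser
]

if __name__ == "__main__":
    for ref, text in decode_record(SOCKET_RECORD):
        print("%08X  %s" % (ref, text))
    print("UDP broadcast socket:", opens_udp_broadcast_socket(SOCKET_RECORD))
```

Run against the record, `#21` decodes to `setsockopt(?, SOL_SOCKET, SO_BROADCAST, optval=0x2, optlen=0x4)` immediately after `socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP)`, so the function sets up a broadcast-capable UDP socket; the table only covers ordinals 1 to 23, so any other `#NN` is left as-is rather than guessed.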
APIs
• socket.WSOCK32(00000002,00000002,00000011), ref: 001F1AFD (AF_INET, SOCK_DGRAM, IPPROTO_UDP)
• WSAGetLastError.WSOCK32 ref: 001F1B0B
• #21.WSOCK32(?,0000FFFF,00000020,00000002,00000004), ref: 001F1B8A (wsock32 ordinal 21 = setsockopt; 0000FFFF = SOL_SOCKET, 00000020 = SO_BROADCAST, optlen 4: enables broadcast on the UDP socket)
• WSAGetLastError.WSOCK32 ref: 001F1B94
Memory Dump Source
• Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
• Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID: ErrorLast$socket
                                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 1881357543-0
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 987b654c8259dd4b7d62533b4fbc3bbaa51fe8ab37a9913b6c51323e6de69deb
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: ff5285d351581de154640cbbafe752f050c99a593a7d718dfde20d20b18719db
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 987b654c8259dd4b7d62533b4fbc3bbaa51fe8ab37a9913b6c51323e6de69deb
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1A41BE74640204AFE721AF24D88AF2A77E5AB58718F54C44CFA1A9F2D3D772ED418B90
                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_170000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: fb79d25af7a41135671835c7a530ffed3a8fdf2e1cd50685d791f9a237dac61b
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: cd15d17beda1851ee6dfa787ff49168be56e4e30ff805543661338c435882194
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: fb79d25af7a41135671835c7a530ffed3a8fdf2e1cd50685d791f9a237dac61b
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7641177AA04344BFD7259F78CC81BAABBE9EB99710F10452EF542DB283D771E9018780
                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                        • CreateHardLinkW.KERNEL32(00000002,?,00000000), ref: 001E5783
                                                                                                                                                                                                                                                                                                                                                                                        • GetLastError.KERNEL32(?,00000000), ref: 001E57A9
                                                                                                                                                                                                                                                                                                                                                                                        • DeleteFileW.KERNEL32(00000002,?,00000000), ref: 001E57CE
                                                                                                                                                                                                                                                                                                                                                                                        • CreateHardLinkW.KERNEL32(00000002,?,00000000,?,00000000), ref: 001E57FA
                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_170000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                        • API ID: CreateHardLink$DeleteErrorFileLast
                                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 3321077145-0
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 80a9e2601865806dc2417d4d9eeb474779db8f538347e4f5dff4b2b8e61ba147
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 0bb03e951fd983133555786a91e95a5ade475911cf812ff3810736057848a6a4
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 80a9e2601865806dc2417d4d9eeb474779db8f538347e4f5dff4b2b8e61ba147
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7441FD39600A10DFCB11EF15D585A5DBBF2EF99724B19C488E84A5B3A2CB34FD41CB91
                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                        • MultiByteToWideChar.KERNEL32(?,00000000,8BE85006,00196D71,00000000,00000000,001982D9,?,001982D9,?,00000001,00196D71,8BE85006,00000001,001982D9,001982D9), ref: 001AD910
                                                                                                                                                                                                                                                                                                                                                                                        • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 001AD999
                                                                                                                                                                                                                                                                                                                                                                                        • GetStringTypeW.KERNEL32(?,00000000,00000000,?), ref: 001AD9AB
                                                                                                                                                                                                                                                                                                                                                                                        • __freea.LIBCMT ref: 001AD9B4
                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 001A3820: RtlAllocateHeap.NTDLL(00000000,?,00241444,?,0018FDF5,?,?,0017A976,00000010,00241440,001713FC,?,001713C6,?,00171129), ref: 001A3852
                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_170000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                        • API ID: ByteCharMultiWide$AllocateHeapStringType__freea
                                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 2652629310-0
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: ec97009638110f73cad116d134e580ed2b7d315c594054d8b0ad8410a3c07887
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: f1f774940599a3be13e06aa6365a544a89466a2e087cb675a0b3b85520da627c
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ec97009638110f73cad116d134e580ed2b7d315c594054d8b0ad8410a3c07887
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0A31DE76A0060AABDF249F64EC45EAF7BA9EB42314F150268FC05D7251EB35CD54CB90
                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00001024,00000000,?), ref: 00205352
                                                                                                                                                                                                                                                                                                                                                                                        • GetWindowLongW.USER32(?,000000F0), ref: 00205375
                                                                                                                                                                                                                                                                                                                                                                                        • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00205382
                                                                                                                                                                                                                                                                                                                                                                                        • InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 002053A8
                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_170000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                        • API ID: LongWindow$InvalidateMessageRectSend
                                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 3340791633-0
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 587d18ea8640fda7831c8ef60d48b29de1a17e58e4cbca33daf50ad3b850c547
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: a59791862432f203da344e5067a581a63f7fa073feaae0d8e0706ca403f087e5
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 587d18ea8640fda7831c8ef60d48b29de1a17e58e4cbca33daf50ad3b850c547
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: FF31E634A75B29EFEB349F14DC06BEA7765AB05390F584181FA10961E3C7F099A0DF42
                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                        • GetKeyboardState.USER32(?,75C0C0D0,?,00008000), ref: 001DABF1
                                                                                                                                                                                                                                                                                                                                                                                        • SetKeyboardState.USER32(00000080,?,00008000), ref: 001DAC0D
                                                                                                                                                                                                                                                                                                                                                                                        • PostMessageW.USER32(00000000,00000101,00000000), ref: 001DAC74
                                                                                                                                                                                                                                                                                                                                                                                        • SendInput.USER32(00000001,?,0000001C,75C0C0D0,?,00008000), ref: 001DACC6
                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_170000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                        • API ID: KeyboardState$InputMessagePostSend
                                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 432972143-0
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 1e1d0a9bcf346f456909c553722e968629fb66e73c8b92e27bcb0dc57131194a
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 4bb34f66a52cf6550158f6850a87bea00882009a2a84c6db21d326f9d4244875
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1e1d0a9bcf346f456909c553722e968629fb66e73c8b92e27bcb0dc57131194a
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 87313770A20718AFEF34CB648C087FE7BA5AF89330F98431BE481963D1C37999818752
                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                        • ClientToScreen.USER32(?,?), ref: 0020769A
                                                                                                                                                                                                                                                                                                                                                                                        • GetWindowRect.USER32(?,?), ref: 00207710
                                                                                                                                                                                                                                                                                                                                                                                        • PtInRect.USER32(?,?,00208B89), ref: 00207720
                                                                                                                                                                                                                                                                                                                                                                                        • MessageBeep.USER32(00000000), ref: 0020778C
                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_170000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                        • API ID: Rect$BeepClientMessageScreenWindow
                                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 1352109105-0
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 394143d570046cc2e9e30840863e8c7374d9d6d4451d9a317fe4c552d149fdc1
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: f3c03d6ab63ce11ce02b3fa33178e0b4dea0aff13974170ccccfcb5566d9f820
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 394143d570046cc2e9e30840863e8c7374d9d6d4451d9a317fe4c552d149fdc1
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2341AD38A15315DFDB11CF58D898EA9B7F4FB49384F1481A8E8149B2B2C371B9A1CF90
                                                                                                                                                                                                                                                                                                                                                                                        APIs
• GetForegroundWindow.USER32 ref: 002016EB
  • Part of subcall function 001D3A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 001D3A57
  • Part of subcall function 001D3A3D: GetCurrentThreadId.KERNEL32 ref: 001D3A5E
  • Part of subcall function 001D3A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,001D25B3), ref: 001D3A65
• GetCaretPos.USER32(?), ref: 002016FF
• ClientToScreen.USER32(00000000,?), ref: 0020174C
• GetForegroundWindow.USER32 ref: 00201752
Memory Dump Source
• Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
• Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID: ThreadWindow$Foreground$AttachCaretClientCurrentInputProcessScreen
• String ID:
• API String ID: 2759813231-0
• Opcode ID: a23473795f58b4221d063c5e10abdd9f06d48387475f447f6546b69a50545a2d
• Instruction ID: 7a731cb71063fc7e16751f97529976adb69c312e1fc770f7a37d4d5e81b431e4
• Opcode Fuzzy Hash: a23473795f58b4221d063c5e10abdd9f06d48387475f447f6546b69a50545a2d
• Instruction Fuzzy Hash: 92314175D00249AFC704DFA9C885CAEFBF9EF59304B50806AE415E7252D7319E45CBA0
APIs
  • Part of subcall function 00177620: _wcslen.LIBCMT ref: 00177625
• _wcslen.LIBCMT ref: 001DDFCB
• _wcslen.LIBCMT ref: 001DDFE2
• _wcslen.LIBCMT ref: 001DE00D
• GetTextExtentPoint32W.GDI32(?,00000000,00000000,?), ref: 001DE018
Similarity
• API ID: _wcslen$ExtentPoint32Text
• String ID:
• API String ID: 3763101759-0
• Opcode ID: 303f65123ad16fe120de91ea8111d65f6f1a12945aa8744bc4212b091098a8f5
• Instruction ID: 258e4fead08a73aba94c42a49897d078c6d09db663091ff9f8357ab890c48a03
• Opcode Fuzzy Hash: 303f65123ad16fe120de91ea8111d65f6f1a12945aa8744bc4212b091098a8f5
• Instruction Fuzzy Hash: 3D218171900214AFCB20EFA8D981BAEB7F8EF55750F144065F905BB385D7709E41CBA1
APIs
  • Part of subcall function 00189BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00189BB2
• GetCursorPos.USER32(?), ref: 00209001
• TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000,?,001C7711,?,?,?,?,?), ref: 00209016
• GetCursorPos.USER32(?), ref: 0020905E
• DefDlgProcW.USER32(?,0000007B,?,?,?,?,?,?,?,?,?,?,001C7711,?,?,?), ref: 00209094
Similarity
• API ID: Cursor$LongMenuPopupProcTrackWindow
• String ID:
• API String ID: 2864067406-0
• Opcode ID: ddf8350e40b3c19045b1939545d029ca10a3e02c505994d61a4ceb051f019e09
• Instruction ID: 18ab191c8ac7886e4c92a98a9f7e0a41290fa991657e7c9216570f982bc692f2
• Opcode Fuzzy Hash: ddf8350e40b3c19045b1939545d029ca10a3e02c505994d61a4ceb051f019e09
• Instruction Fuzzy Hash: CD21B135610218EFDB258F94DC58EFB3BBAEB49350F144155F9465B1A3C33199A0DB60
APIs
• GetFileAttributesW.KERNEL32(?,0020CB68), ref: 001DD2FB
• GetLastError.KERNEL32 ref: 001DD30A
• CreateDirectoryW.KERNEL32(?,00000000), ref: 001DD319
• CreateDirectoryW.KERNEL32(?,00000000,00000000,000000FF,0020CB68), ref: 001DD376
                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID: CreateDirectory$AttributesErrorFileLast
• String ID:
• API String ID: 2267087916-0
APIs
  • Part of subcall function 001D1014: GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 001D102A
  • Part of subcall function 001D1014: GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 001D1036
  • Part of subcall function 001D1014: GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 001D1045
  • Part of subcall function 001D1014: HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 001D104C
  • Part of subcall function 001D1014: GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 001D1062
• LookupPrivilegeValueW.ADVAPI32(00000000,?,?), ref: 001D15BE
• _memcmp.LIBVCRUNTIME ref: 001D15E1
• GetProcessHeap.KERNEL32(00000000,00000000), ref: 001D1617
• HeapFree.KERNEL32(00000000), ref: 001D161E
Similarity
• API ID: Heap$InformationProcessToken$AllocErrorFreeLastLookupPrivilegeValue_memcmp
• String ID:
• API String ID: 1592001646-0
APIs
• GetWindowLongW.USER32(?,000000EC), ref: 0020280A
• SetWindowLongW.USER32(?,000000EC,00000000), ref: 00202824
• SetWindowLongW.USER32(?,000000EC,00000000), ref: 00202832
• SetLayeredWindowAttributes.USER32(?,00000000,?,00000002), ref: 00202840
Similarity
• API ID: Window$Long$AttributesLayered
• String ID:
• API String ID: 2169480361-0
APIs
  • Part of subcall function 001D8D7D: lstrlenW.KERNEL32(?,00000002,000000FF,?,?,?,001D790A,?,000000FF,?,001D8754,00000000,?,0000001C,?,?), ref: 001D8D8C
  • Part of subcall function 001D8D7D: lstrcpyW.KERNEL32(00000000,?,?,001D790A,?,000000FF,?,001D8754,00000000,?,0000001C,?,?,00000000), ref: 001D8DB2
  • Part of subcall function 001D8D7D: lstrcmpiW.KERNEL32(00000000,?,001D790A,?,000000FF,?,001D8754,00000000,?,0000001C,?,?), ref: 001D8DE3
• lstrlenW.KERNEL32(?,00000002,000000FF,?,000000FF,?,001D8754,00000000,?,0000001C,?,?,00000000), ref: 001D7923
• lstrcpyW.KERNEL32(00000000,?,?,001D8754,00000000,?,0000001C,?,?,00000000), ref: 001D7949
• lstrcmpiW.KERNEL32(00000002,cdecl,?,001D8754,00000000,?,0000001C,?,?,00000000), ref: 001D7984
Strings
                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_170000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                        • API ID: lstrcmpilstrcpylstrlen
                                                                                                                                                                                                                                                                                                                                                                                        • String ID: cdecl
                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 4031866154-3896280584
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: edd085a5f7017f8d67a05ff7eff4c1770b2a35aad77cb610a50fa793b4cb8056
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: a58bb892ab726c3a6385dff5809be68594db2050761094174f52767ce45b1846
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: edd085a5f7017f8d67a05ff7eff4c1770b2a35aad77cb610a50fa793b4cb8056
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: C711E47A200342ABCF196F38D855D7B77A9FF95364B10402BE806C73A5FB319811C761
                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                        • GetWindowLongW.USER32(?,000000F0), ref: 00207D0B
                                                                                                                                                                                                                                                                                                                                                                                        • SetWindowLongW.USER32(00000000,000000F0,?), ref: 00207D2A
                                                                                                                                                                                                                                                                                                                                                                                        • SetWindowLongW.USER32(00000000,000000EC,000000FF), ref: 00207D42
                                                                                                                                                                                                                                                                                                                                                                                        • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,?,?,?,001EB7AD,00000000), ref: 00207D6B
                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00189BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00189BB2
                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_170000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                        • API ID: Window$Long
                                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 847901565-0
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: c858946d89650b2aa9375eb4ca370d9c734afa92780c3c834bcc6ba422f284e4
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 99d892224202bbecd8562291928ea5145c37aea5b71084e33c7fe5f06458bb03
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c858946d89650b2aa9375eb4ca370d9c734afa92780c3c834bcc6ba422f284e4
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D111D235A25715AFDB109F28DC08A663BA4AF46360B254324F835D72F1E730E960CB50
                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00001060,?,00000004), ref: 002056BB
                                                                                                                                                                                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 002056CD
                                                                                                                                                                                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 002056D8
                                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00001002,00000000,?), ref: 00205816
                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_170000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                        • API ID: MessageSend_wcslen
                                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 455545452-0
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: b70958887db441a43d3f93e35f72ebf4d8f65ee4105f77b096a479a5e07748f5
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 2d8f194ebeae39678f512cb26b246c7b39b521f6f7715fcbc2d21e0bc1fba63a
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: b70958887db441a43d3f93e35f72ebf4d8f65ee4105f77b096a479a5e07748f5
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2411E175A20729A6DF209F61CC85AEF77ACFF11764B104026F905D60C3EBB08AA0CF60
                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmpDownload File
• Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 7695bee77258f8f23d446eee4f2cd14caf740c2927974653ae238067e8b6a7ae
• Instruction ID: eae85c125a1fb3b069f843da7a74fb95b6ea720110b82e5568b03519f8d1de1e
• Opcode Fuzzy Hash: 7695bee77258f8f23d446eee4f2cd14caf740c2927974653ae238067e8b6a7ae
• Instruction Fuzzy Hash: 8401ADBA209A167EF62126B87CC8F67661CDF937B8F310329F525A11D2DB708C004170
APIs
• SendMessageW.USER32(?,000000B0,?,?), ref: 001D1A47
• SendMessageW.USER32(?,000000C9,?,00000000), ref: 001D1A59
• SendMessageW.USER32(?,000000C9,?,00000000), ref: 001D1A6F
• SendMessageW.USER32(?,000000C9,?,00000000), ref: 001D1A8A
Memory Dump Source
• Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
• Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID: MessageSend
• String ID:
• API String ID: 3850602802-0
• Opcode ID: 3e463a0dcb6871b49f4f93baacc41f42d6a114fa44c1bf4bb5d92a8681cb2f41
• Instruction ID: 79a3634667856c203578061a6c6c1900fdfbdfbbc9bdf8117112c65c2ef28362
• Opcode Fuzzy Hash: 3e463a0dcb6871b49f4f93baacc41f42d6a114fa44c1bf4bb5d92a8681cb2f41
• Instruction Fuzzy Hash: 6211273A901219FFEB109BA4C985FADBB79EB08750F200092EA00B7290D7716E50DB94
APIs
• GetCurrentThreadId.KERNEL32 ref: 001DE1FD
• MessageBoxW.USER32(?,?,?,?), ref: 001DE230
• WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,?,?), ref: 001DE246
• CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 001DE24D
Memory Dump Source
• Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
• Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID: CloseCurrentHandleMessageObjectSingleThreadWait
• String ID:
• API String ID: 2880819207-0
• Opcode ID: eb1a5eca45c0de900fa1776dc57db2bc9f5ea3f1ad82ee55b95d3fda6ce239d8
• Instruction ID: e836c0254fc6991feb9582ba6a272b54914443d7cf7c0c17ce100b29c57cb091
• Opcode Fuzzy Hash: eb1a5eca45c0de900fa1776dc57db2bc9f5ea3f1ad82ee55b95d3fda6ce239d8
• Instruction Fuzzy Hash: 2711C8B6904254BBC701AFA8BC0DA9F7FAC9B45321F14435AF915D7391D770D90487A0
APIs
• CreateThread.KERNEL32(00000000,?,0019CFF9,00000000,00000004,00000000), ref: 0019D218
• GetLastError.KERNEL32 ref: 0019D224
• __dosmaperr.LIBCMT ref: 0019D22B
• ResumeThread.KERNEL32(00000000), ref: 0019D249
Memory Dump Source
• Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
• Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID: Thread$CreateErrorLastResume__dosmaperr
• String ID:
• API String ID: 173952441-0
• Opcode ID: 3e6bd6fd637a08668a0d8f9c1ecfafdabc266880ecfc677c600bc93351438faa
• Instruction ID: 0ae67bfd003bfc5ba10ce81bde399105e2ede4ff8b19caf717329fc003bfd48d
• Opcode Fuzzy Hash: 3e6bd6fd637a08668a0d8f9c1ecfafdabc266880ecfc677c600bc93351438faa
• Instruction Fuzzy Hash: 5D01F576805204BBCF116BA5FC09BAE7A69DF91730F200369F925921D0CF70C901C6A0
APIs
  • Part of subcall function 00189BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00189BB2
• GetClientRect.USER32(?,?), ref: 00209F31
• GetCursorPos.USER32(?), ref: 00209F3B
• ScreenToClient.USER32(?,?), ref: 00209F46
                                                                                                                                                                                                                                                                                                                                                                                        • DefDlgProcW.USER32(?,00000020,?,00000000,?,?,?), ref: 00209F7A
                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_170000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                        • API ID: Client$CursorLongProcRectScreenWindow
                                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 4127811313-0
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 926c9714a9fba407bac7c1578fd1d1113676882ff621d191436e8705590bcd14
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 8dbee5515d1d05d411a8f1af412039862b979e508ad8a4cccfbc45a4d29cf563
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 926c9714a9fba407bac7c1578fd1d1113676882ff621d191436e8705590bcd14
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1511883291021AABDB10EF68D8899EE77B8FB05301F100551F902E3482C330BAE1CBA1
                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                        • CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 0017604C
                                                                                                                                                                                                                                                                                                                                                                                        • GetStockObject.GDI32(00000011), ref: 00176060
                                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(00000000,00000030,00000000), ref: 0017606A
                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_170000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                        • API ID: CreateMessageObjectSendStockWindow
                                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 3970641297-0
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 6369731012eb5217c2a92c236a6bf3ffe49574aca7752e80b0028d5a6bc931e8
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 3aac193bed9023cb0fe65831039cf4dd3f539013cabd47524d606c89351b520e
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 6369731012eb5217c2a92c236a6bf3ffe49574aca7752e80b0028d5a6bc931e8
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 95118BB2101A08BFEF164FA49C48AEABB7DEF083A4F104201FA0852021C7369C609FA0
                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                        • ___BuildCatchObject.LIBVCRUNTIME ref: 00193B56
                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00193AA3: BuildCatchObjectHelperInternal.LIBVCRUNTIME ref: 00193AD2
                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00193AA3: ___AdjustPointer.LIBCMT ref: 00193AED
                                                                                                                                                                                                                                                                                                                                                                                        • _UnwindNestedFrames.LIBCMT ref: 00193B6B
                                                                                                                                                                                                                                                                                                                                                                                        • __FrameHandler3::FrameUnwindToState.LIBVCRUNTIME ref: 00193B7C
                                                                                                                                                                                                                                                                                                                                                                                        • CallCatchBlock.LIBVCRUNTIME ref: 00193BA4
                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_170000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                        • API ID: Catch$BuildFrameObjectUnwind$AdjustBlockCallFramesHandler3::HelperInternalNestedPointerState
                                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 737400349-0
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 12ea49abee573113f57dbd3ec3a577afcc9c348439d29e6cbe32e78011ac24d3
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 8ba9317196bd544ae320d82001c4973f00f9d72b0b84b14c4b4a246288f8ed5d
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 12ea49abee573113f57dbd3ec3a577afcc9c348439d29e6cbe32e78011ac24d3
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6E01E932100149BBDF126E95CC46EEB7B6AFF58754F044014FE5896121C732E962EBA0
                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                        • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,001713C6,00000000,00000000,?,001A301A,001713C6,00000000,00000000,00000000,?,001A328B,00000006,FlsSetValue), ref: 001A30A5
                                                                                                                                                                                                                                                                                                                                                                                        • GetLastError.KERNEL32(?,001A301A,001713C6,00000000,00000000,00000000,?,001A328B,00000006,FlsSetValue,00212290,FlsSetValue,00000000,00000364,?,001A2E46), ref: 001A30B1
                                                                                                                                                                                                                                                                                                                                                                                        • LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,001A301A,001713C6,00000000,00000000,00000000,?,001A328B,00000006,FlsSetValue,00212290,FlsSetValue,00000000), ref: 001A30BF
                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_170000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                        • API ID: LibraryLoad$ErrorLast
                                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 3177248105-0
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: aae9cd41c9ababd91b65060d311b0e27a2177116dd321d3de7d0eff9e8453e09
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: a0b1627e5b9108570ef4ec9f88440b6a94681c6c07fc3d18f3b3a1d3c70bc345
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: aae9cd41c9ababd91b65060d311b0e27a2177116dd321d3de7d0eff9e8453e09
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0101FC7A301322ABC7314B79AD4CB677B989F477A1B310720F925D3181C721D905C6E0
                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                        • GetModuleFileNameW.KERNEL32(?,?,00000104,00000000), ref: 001D747F
                                                                                                                                                                                                                                                                                                                                                                                        • LoadTypeLibEx.OLEAUT32(?,00000002,?), ref: 001D7497
                                                                                                                                                                                                                                                                                                                                                                                        • RegisterTypeLib.OLEAUT32(?,?,00000000), ref: 001D74AC
                                                                                                                                                                                                                                                                                                                                                                                        • RegisterTypeLibForUser.OLEAUT32(?,?,00000000), ref: 001D74CA
                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_170000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                        • API ID: Type$Register$FileLoadModuleNameUser
                                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 1352324309-0
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 377ba2ddda71c83442d7e37676495e4871ad7b6a29db9ff4951b47d1fd7eeb39
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: fb4e56b009f12c9bec9d6ad1ff7667e692f479dfda79251cca8e7e6fef8f570f
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 377ba2ddda71c83442d7e37676495e4871ad7b6a29db9ff4951b47d1fd7eeb39
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: AC1161B52093159BE7218F14ED4DB92BBFCEB00B04F10856AA656D6292E770E904DB60
                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                        • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,001DACD3,?,00008000), ref: 001DB0C4
                                                                                                                                                                                                                                                                                                                                                                                        • Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,001DACD3,?,00008000), ref: 001DB0E9
                                                                                                                                                                                                                                                                                                                                                                                        • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,001DACD3,?,00008000), ref: 001DB0F3
                                                                                                                                                                                                                                                                                                                                                                                        • Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,001DACD3,?,00008000), ref: 001DB126
                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_170000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                        • API ID: CounterPerformanceQuerySleep
                                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 2875609808-0
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: a1a5c5a76d3e74b32f008c9bafedea796f413684ef27a1a61d58312d498af705
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 94efdadf7c7052cd42c5cb5ae933b34efc19651363fe23472cdbec1ea86d30ab
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: a1a5c5a76d3e74b32f008c9bafedea796f413684ef27a1a61d58312d498af705
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 53116171C0561CD7CF04AFE4F9D96EEBB78FF09711F124196E942B2241CB3056508B91
                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                        • GetWindowRect.USER32(?,?), ref: 00207E33
                                                                                                                                                                                                                                                                                                                                                                                        • ScreenToClient.USER32(?,?), ref: 00207E4B
                                                                                                                                                                                                                                                                                                                                                                                        • ScreenToClient.USER32(?,?), ref: 00207E6F
                                                                                                                                                                                                                                                                                                                                                                                        • InvalidateRect.USER32(?,?,?,?,?,?,?,?,?,?,?,?), ref: 00207E8A
                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
• Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
• Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID: ClientRectScreen$InvalidateWindow
• String ID:
• API String ID: 357397906-0
• Opcode ID: e48903e31db86c2aa688922d89121f09c379d067b911f2de2ed6784c205d1c3c
• Instruction ID: a5986d9be5cbad926abdcccb09810f7eed173f5e04fb53bae3ff528db667e941
• Opcode Fuzzy Hash: e48903e31db86c2aa688922d89121f09c379d067b911f2de2ed6784c205d1c3c
• Instruction Fuzzy Hash: D71186B9D0020AAFDB41CF98D8849EEBBF9FF08310F104156E911E3251D735AA54CF50
APIs
• SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 001D2DC5
• GetWindowThreadProcessId.USER32(?,00000000), ref: 001D2DD6
• GetCurrentThreadId.KERNEL32 ref: 001D2DDD
• AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 001D2DE4
Similarity
• API ID: Thread$AttachCurrentInputMessageProcessSendTimeoutWindow
• String ID:
• API String ID: 2710830443-0
• Opcode ID: 9ea35c112b10d5636c4d441966b5f066d17221c784f94980268b59678925aaec
• Instruction ID: f6c12a1d68dcdcfd64c01e24e5d463762614b5ff2d3ffea32ad1955da3baf8d1
• Opcode Fuzzy Hash: 9ea35c112b10d5636c4d441966b5f066d17221c784f94980268b59678925aaec
• Instruction Fuzzy Hash: 62E092B11017247BD7301BB6AC0DFEB7E6DEF96BA1F100216F105D11819BB1C840C6B0
APIs
  • Part of subcall function 00189639: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00189693
  • Part of subcall function 00189639: SelectObject.GDI32(?,00000000), ref: 001896A2
  • Part of subcall function 00189639: BeginPath.GDI32(?), ref: 001896B9
  • Part of subcall function 00189639: SelectObject.GDI32(?,00000000), ref: 001896E2
• MoveToEx.GDI32(?,00000000,00000000,00000000), ref: 00208887
• LineTo.GDI32(?,?,?), ref: 00208894
• EndPath.GDI32(?), ref: 002088A4
• StrokePath.GDI32(?), ref: 002088B2
Similarity
• API ID: Path$ObjectSelect$BeginCreateLineMoveStroke
• String ID:
• API String ID: 1539411459-0
• Opcode ID: c0a9387579edfcf6c0257753b0eab4a50312c387c275402ee6fd2e554e2204aa
• Instruction ID: dfd815d111e729950377c5e491ad8584fb1c9d90d127a1430dc742ae3fda955f
• Opcode Fuzzy Hash: c0a9387579edfcf6c0257753b0eab4a50312c387c275402ee6fd2e554e2204aa
• Instruction Fuzzy Hash: 11F03A76041259FAEB126F94AC0DFCA3E6AAF06710F148100FA11650E2C7755561DFE5
APIs
• GetSysColor.USER32(00000008), ref: 001898CC
• SetTextColor.GDI32(?,?), ref: 001898D6
• SetBkMode.GDI32(?,00000001), ref: 001898E9
• GetStockObject.GDI32(00000005), ref: 001898F1
                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                        • API ID: Color$ModeObjectStockText
                                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 4037423528-0
APIs
• GetCurrentThread.KERNEL32 ref: 001D1634
• OpenThreadToken.ADVAPI32(00000000,?,?,?,001D11D9), ref: 001D163B
• GetCurrentProcess.KERNEL32(00000028,?,?,?,?,001D11D9), ref: 001D1648
• OpenProcessToken.ADVAPI32(00000000,?,?,?,001D11D9), ref: 001D164F
Memory Dump Source
• Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID: CurrentOpenProcessThreadToken
• String ID:
• API String ID: 3974789173-0
APIs
• GetDesktopWindow.USER32 ref: 001CD858
• GetDC.USER32(00000000), ref: 001CD862
• GetDeviceCaps.GDI32(00000000,0000000C), ref: 001CD882
• ReleaseDC.USER32(?), ref: 001CD8A3
Memory Dump Source
• Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID: CapsDesktopDeviceReleaseWindow
• String ID:
• API String ID: 2889604237-0
APIs
• GetDesktopWindow.USER32 ref: 001CD86C
• GetDC.USER32(00000000), ref: 001CD876
• GetDeviceCaps.GDI32(00000000,0000000C), ref: 001CD882
• ReleaseDC.USER32(?), ref: 001CD8A3
Memory Dump Source
• Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID: CapsDesktopDeviceReleaseWindow
• String ID:
• API String ID: 2889604237-0
                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00177620: _wcslen.LIBCMT ref: 00177625
                                                                                                                                                                                                                                                                                                                                                                                        • WNetUseConnectionW.MPR(00000000,?,0000002A,00000000,?,?,0000002A,?), ref: 001E4ED4
                                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_170000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                        • API ID: Connection_wcslen
                                                                                                                                                                                                                                                                                                                                                                                        • String ID: *$LPT
                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 1725874428-3443410124
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 24ab9f725a009ce770ad9f4490a7cfe1d9e291e42aa9338d8a3de3b90ef31024
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: f128db02d00cfce539632b8ef1c0d6451a7a48f618fcfc7ccf07ca4e6e7bfc9a
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 24ab9f725a009ce770ad9f4490a7cfe1d9e291e42aa9338d8a3de3b90ef31024
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6F916E75A006449FCB14DF59C484EAEBBF1BF45704F198099E80A9F3A2C735EE85CB91
                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                        • __startOneArgErrorHandling.LIBCMT ref: 0019E30D
                                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_170000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                        • API ID: ErrorHandling__start
                                                                                                                                                                                                                                                                                                                                                                                        • String ID: pow
                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 3213639722-2276729525
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: f0bd0b871696b708d067aec651d1e3f176dde04ea22a154a6764bc42ab3128bc
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: aafc905bd7d47c0be8d2456b7c4b1887aa3e518c5d7d013f1af8db4f808adb5e
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: f0bd0b871696b708d067aec651d1e3f176dde04ea22a154a6764bc42ab3128bc
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0B518D65A0C20296CF15B714DD053BA3BE4FB51740F348D68F0D6833E9EF318E959A86
                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                        • CharUpperBuffW.USER32(001C569E,00000000,?,0020CC08,?,00000000,00000000), ref: 001F78DD
                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00176B57: _wcslen.LIBCMT ref: 00176B6A
                                                                                                                                                                                                                                                                                                                                                                                        • CharUpperBuffW.USER32(001C569E,00000000,?,0020CC08,00000000,?,00000000,00000000), ref: 001F783B
                                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_170000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                        • API ID: BuffCharUpper$_wcslen
                                                                                                                                                                                                                                                                                                                                                                                        • String ID: <s#
                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 3544283678-1950719649
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: ea1ff2df5f1f12bfe30e9c2cfe3501b1018326d6c3775e73a24e7b24e6f9b5a3
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: dcb5067bdb3bc2c31bcd48c46e7c37cf863f2cc68a33358b6f4740b2e433de63
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ea1ff2df5f1f12bfe30e9c2cfe3501b1018326d6c3775e73a24e7b24e6f9b5a3
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 38613D72914119EACF14EBA4DC91DFDB378BF28704B548129F646A70D2EF705A09DBA0
                                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID:
• String ID: #
• API String ID: 0-1885708031
• Opcode ID: d0d96783bb4cb216e81ea67845b9b0da5a4d7ed1df5ae4086a396f7c0d391362
• Instruction ID: 5335c210b0a41dcc4727a0db11e399c043a962ef1999c7d4ce0c66a8375ba4fc
• Opcode Fuzzy Hash: d0d96783bb4cb216e81ea67845b9b0da5a4d7ed1df5ae4086a396f7c0d391362
• Instruction Fuzzy Hash: 57510175500346DFDB29EF68C482EBA7BE9EF75310F248059E8919B290D734DE52CBA0
APIs
• Sleep.KERNEL32(00000000), ref: 0018F2A2
• GlobalMemoryStatusEx.KERNEL32(?), ref: 0018F2BB
Strings
Memory Dump Source
• Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
• Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID: GlobalMemorySleepStatus
• String ID: @
• API String ID: 2783356886-2766056989
• Opcode ID: 3425d542fe3d01329313419b5a62f8e12284aba42b0a31939cf5f388b040caf1
• Instruction ID: 0998e42df3510000410605ccac57216e34f62389eb2cb711235448f34cf027f9
• Opcode Fuzzy Hash: 3425d542fe3d01329313419b5a62f8e12284aba42b0a31939cf5f388b040caf1
• Instruction Fuzzy Hash: C05138714087449BD320AF54EC86BAFBBF8FBA5300F81885DF1D9411A5EF708629CB66
APIs
• CharUpperBuffW.USER32(?,?,?,00000003,?,?), ref: 001F57E0
• _wcslen.LIBCMT ref: 001F57EC
Strings
Memory Dump Source
• Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
• Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID: BuffCharUpper_wcslen
• String ID: CALLARGARRAY
• API String ID: 157775604-1150593374
• Opcode ID: 231c240cdf653496350746c74440e11ebff2fd163f31741633b03dd002db5715
• Instruction ID: 10f1d41fdd2a434f7573268cd020ca729f0bde9a236f68e633db61ec5e8bee19
• Opcode Fuzzy Hash: 231c240cdf653496350746c74440e11ebff2fd163f31741633b03dd002db5715
• Instruction Fuzzy Hash: 8B41A271E002099FCB14DFA9D8858BEBBB6FF69354F104129F605A7292E7349D81CF90
APIs
• _wcslen.LIBCMT ref: 001ED130
• InternetCrackUrlW.WININET(?,00000000,00000000,0000007C), ref: 001ED13A
Strings
Memory Dump Source
• Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
• Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID: CrackInternet_wcslen
• String ID: |
• API String ID: 596671847-2343686810
• Opcode ID: 6ac2ea778794bd1f3a928142b8ce79ac883332120a5eb5e5b2a541eb17f2b12d
• Instruction ID: 61d6e6a9a97d92e43e5dbbec46390908a07d360bdc692664c885fcefbcfa7f62
• Opcode Fuzzy Hash: 6ac2ea778794bd1f3a928142b8ce79ac883332120a5eb5e5b2a541eb17f2b12d
• Instruction Fuzzy Hash: 33315071D00209ABCF15EFA5DC85EEEBFB9FF18300F104059F819A6162DB31AA46CB61
APIs
• DestroyWindow.USER32(?,?,?,?), ref: 00203621
• MoveWindow.USER32(?,?,?,?,?,00000001,?,?,?), ref: 0020365C
Strings
Memory Dump Source
• Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_170000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                        • API ID: Window$DestroyMove
                                                                                                                                                                                                                                                                                                                                                                                        • String ID: static
                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 2139405536-2160076837
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 42b8405593021440b8c34da9923630b9a30404862fe31e000703b1b424ee238d
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: b248ade8231e5e1c4c1cebdcf7ceb0d9122821a9a20ebd528cb95a73fc49cb92
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 42b8405593021440b8c34da9923630b9a30404862fe31e000703b1b424ee238d
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1431AF71120704AADB10DF28DC80EBB73ADFF88720F108619F8A597291DB31ADA1CB64
                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(00000027,00001132,00000000,?), ref: 0020461F
                                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00001105,00000000,00000000), ref: 00204634
                                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_170000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                        • API ID: MessageSend
                                                                                                                                                                                                                                                                                                                                                                                        • String ID: '
                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 3850602802-1997036262
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 0733dc84cf8bfa445c2e66a0fd1e35dc1a9a3840307e4892b59284bb68bcf94b
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 7bff8f2f4bbb31b43a725a14f87b15abbb0c41457a911033a301334a3fae1a52
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0733dc84cf8bfa445c2e66a0fd1e35dc1a9a3840307e4892b59284bb68bcf94b
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: CE314FB4A1130A9FDF14DFA5C980BDA7BB9FF59300F504169EA049B382E771A951CF90
                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(00000000,00000143,00000000,?), ref: 0020327C
                                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00203287
                                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_170000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                        • API ID: MessageSend
                                                                                                                                                                                                                                                                                                                                                                                        • String ID: Combobox
                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 3850602802-2096851135
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 5a689832270b7908384eaf8ad219e2d798e68fdd7b7729cfc2f04191cd030b4e
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 0c82ece2d2b42080dfe1ccf1947f5260eed363020d03168602bafc09dd65cce0
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 5a689832270b7908384eaf8ad219e2d798e68fdd7b7729cfc2f04191cd030b4e
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5C11D0712202097FEF25DF54DC84EBB376EEB94364F104125F918972D2D6319D618B60
                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 0017600E: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 0017604C
                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 0017600E: GetStockObject.GDI32(00000011), ref: 00176060
                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 0017600E: SendMessageW.USER32(00000000,00000030,00000000), ref: 0017606A
                                                                                                                                                                                                                                                                                                                                                                                        • GetWindowRect.USER32(00000000,?), ref: 0020377A
                                                                                                                                                                                                                                                                                                                                                                                        • GetSysColor.USER32(00000012), ref: 00203794
                                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
• Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID: Window$ColorCreateMessageObjectRectSendStock
• String ID: static
• API String ID: 1983116058-2160076837
• Opcode ID: 0b87a9a4dbc65c59015aa0321d914b28bf90a8fb6f54b50e68a5caba133906b7
• Instruction ID: 3933e6e993f6659cd6152b8c81ca91aa8ac5b08a1d61d8b6de1b38e24a03ee04
• Opcode Fuzzy Hash: 0b87a9a4dbc65c59015aa0321d914b28bf90a8fb6f54b50e68a5caba133906b7
• Instruction Fuzzy Hash: 3A113AB262020AAFDF00DFA8CC45EEA7BB8FF09314F104A15FD55E2291D775E8619B50
APIs
• InternetOpenW.WININET(?,00000000,00000000,00000000,00000000), ref: 001ECD7D
• InternetSetOptionW.WININET(00000000,00000032,?,00000008), ref: 001ECDA6
Strings
Memory Dump Source
• Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
• Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID: Internet$OpenOption
• String ID: <local>
• API String ID: 942729171-4266983199
• Opcode ID: 9b90e8f6fed608894ba9ce3f4cced8dd51453f60dbf0dd16c4abc8f87c3064a9
• Instruction ID: bed1db157d3ae84269ab14bb36b82ca988b144a7e2b5eb598ad2cdee090f663c
• Opcode Fuzzy Hash: 9b90e8f6fed608894ba9ce3f4cced8dd51453f60dbf0dd16c4abc8f87c3064a9
• Instruction Fuzzy Hash: E611C6B1205A71BAD7384BA78C49FEBBEACFF127A4F104226B10983090D7759842D6F0
APIs
• GetWindowTextLengthW.USER32(00000000), ref: 002034AB
• SendMessageW.USER32(?,000000B1,00000000,00000000), ref: 002034BA
Strings
Memory Dump Source
• Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
• Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID: LengthMessageSendTextWindow
• String ID: edit
• API String ID: 2978978980-2167791130
• Opcode ID: 98ed6d37d2c3ef2392d397182eaaf62f377d885e6e215cfb41353f22b45b5ad3
• Instruction ID: 9dd9d904f7eb0bff247084588d98be010ef19b8bba1d31b5c40814107ced05b3
• Opcode Fuzzy Hash: 98ed6d37d2c3ef2392d397182eaaf62f377d885e6e215cfb41353f22b45b5ad3
• Instruction Fuzzy Hash: 6211BF71120309ABEB118F64EC84ABB376EEF05374F604324F9649B1D1C771DC619B50
APIs
  • Part of subcall function 00179CB3: _wcslen.LIBCMT ref: 00179CBD
• CharUpperBuffW.USER32(?,?,?), ref: 001D6CB6
• _wcslen.LIBCMT ref: 001D6CC2
Strings
Memory Dump Source
• Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
• Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID: _wcslen$BuffCharUpper
• String ID: STOP
• API String ID: 1256254125-2411985666
• Opcode ID: 73a5b8f2c5d4e5af1dadf2527dea42d700560719d0f20084da8c443ef17c9413
• Instruction ID: 284deaf87e56d393bd6dbd2b841bde49942dde17a702769fd80c492c1ba069f4
• Opcode Fuzzy Hash: 73a5b8f2c5d4e5af1dadf2527dea42d700560719d0f20084da8c443ef17c9413
• Instruction Fuzzy Hash: 9F0104326249268BCB209FFDEC808BF33B5EB717507100526E85296291EB31D800C650
APIs
                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00179CB3: _wcslen.LIBCMT ref: 00179CBD
                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 001D3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 001D3CCA
                                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,000001A2,000000FF,?), ref: 001D1D4C
                                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_170000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                        • API ID: ClassMessageNameSend_wcslen
                                                                                                                                                                                                                                                                                                                                                                                        • String ID: ComboBox$ListBox
                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 624084870-1403004172
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: c39dabbe64cce166911126bfaa4aa91c5ea07a0c00762443b78b58032439c1d4
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 2907b91db0f548bbf9a8a3dcaa1a60f6bd63861e3a946006aa49a7b0da044106
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c39dabbe64cce166911126bfaa4aa91c5ea07a0c00762443b78b58032439c1d4
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1E01F171650228BBCB08EBE0CC19CFE73A9EB62350B000A0BE836673C1EB30590CC661
                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00179CB3: _wcslen.LIBCMT ref: 00179CBD
                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 001D3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 001D3CCA
                                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00000180,00000000,?), ref: 001D1C46
                                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_170000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                        • API ID: ClassMessageNameSend_wcslen
                                                                                                                                                                                                                                                                                                                                                                                        • String ID: ComboBox$ListBox
                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 624084870-1403004172
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 921fa57ef0abdbc662ba90f5c702a4bf134a2eb85aa78382aeef96ce887faf5b
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: df32bc222dcc22988a70228df815fde77459a3fe8baaeeb44ab832b0368b4dc3
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 921fa57ef0abdbc662ba90f5c702a4bf134a2eb85aa78382aeef96ce887faf5b
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: BC01A7B57A110876DF18EB90DD52DFF77A89F22340F14001BA41A67382EB209F1C96B2
                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00179CB3: _wcslen.LIBCMT ref: 00179CBD
                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 001D3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 001D3CCA
                                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00000182,?,00000000), ref: 001D1CC8
                                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_170000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                        • API ID: ClassMessageNameSend_wcslen
                                                                                                                                                                                                                                                                                                                                                                                        • String ID: ComboBox$ListBox
                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 624084870-1403004172
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 1a137891be23ebb88bcf8345fcea814a316e1341c2a8de8e66cce9cde4e7d715
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 072abe65f04e54ac93032b4dd1f38e9af980f1f4bf449d57e6d76398add8005a
• Opcode Fuzzy Hash: 1a137891be23ebb88bcf8345fcea814a316e1341c2a8de8e66cce9cde4e7d715
• Instruction Fuzzy Hash: 5E01A2B17A011876CB18EBA4CA02EFF73AC9B22340F540016B80677382EB219F199672
APIs
• Part of subcall function 00179CB3: _wcslen.LIBCMT ref: 00179CBD
• Part of subcall function 001D3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 001D3CCA
• SendMessageW.USER32(?,0000018B,00000000,00000000), ref: 001D1DD3
Strings
Memory Dump Source
• Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
• Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID: ClassMessageNameSend_wcslen
• String ID: ComboBox$ListBox
• API String ID: 624084870-1403004172
• Opcode ID: 40df741f4a97347ed5c381ca8e2c97f0271511a6ae93259e32e020a97b6ec287
• Instruction ID: 003c27d5aa29ece92fa16e69096be6b1e145d086e983e96d2aa4d4a56c2a951f
• Opcode Fuzzy Hash: 40df741f4a97347ed5c381ca8e2c97f0271511a6ae93259e32e020a97b6ec287
• Instruction Fuzzy Hash: 7FF0F471B6061876CB08E7E4DC56EFF737DAB22354F040916B826673C1DB60590C8261
APIs
• CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,00000020,00000000,00000000,00243018,0024305C), ref: 002081BF
• CloseHandle.KERNEL32 ref: 002081D1
Strings
Memory Dump Source
• Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
• Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID: CloseCreateHandleProcess
• String ID: \0$
• API String ID: 3712363035-2040716516
• Opcode ID: e63710095706fabda21aa6455b1a12628c5656a868d828889d0fda4827d74dad
• Instruction ID: cf7d8f3f33402c418480e0d622b17d6a5ddc67b3e0b424657431e9a4a1d8bc5b
• Opcode Fuzzy Hash: e63710095706fabda21aa6455b1a12628c5656a868d828889d0fda4827d74dad
• Instruction Fuzzy Hash: 52F05EF6650300BAE720AB61BC49FB73A9CEB19B50F105560FB08D51A2D6768A1082B8
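The "APIs" lines in these function stanzas carry the call-site address, the resolved immediates and "?" for arguments the analyzer could not resolve statically. The following parser is an added example, not part of the Joe Sandbox report or of the analyzed sample; it turns the lines above into structured records and annotates the immediates the stanzas expose: the SendMessageW message ID 0x18B, the CreateProcessW dwCreationFlags value 0x20, and the MessageBoxW uType 0x10. The constant tables are assumptions taken from the Windows SDK headers and cover only a handful of values; anything outside them is reported as an unknown hex value rather than guessed. The sample input is constructed by copying the report's own lines verbatim.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional, Union

Arg = Union[None, int, str]  # None = "?" (unresolved), int = hex immediate, str = string literal

# Constructed sample input: the "APIs" lines of the function stanzas in this report, copied verbatim.
SAMPLE_API_LINES = """\
• Part of subcall function 00179CB3: _wcslen.LIBCMT ref: 00179CBD
• Part of subcall function 001D3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 001D3CCA
• SendMessageW.USER32(?,0000018B,00000000,00000000), ref: 001D1DD3
• CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,00000020,00000000,00000000,00243018,0024305C), ref: 002081BF
• CloseHandle.KERNEL32 ref: 002081D1
• MessageBoxW.USER32(00000000,Error allocating memory.,AutoIt,00000010), ref: 001D0B23
"""

# Line grammar as printed by the report: optional "Part of subcall function <hex>:" prefix,
# "<api>.<module>", optional "(<args>)", then "ref: <hex>" giving the call-site address.
_LINE_RE = re.compile(
    r"^\s*(?:•\s*)?(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+):\s*)?"
    r"(?P<name>[A-Za-z_]\w*)\.(?P<module>\w+)"
    r"(?:\((?P<args>.*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)

# Assumed constant tables (Windows SDK values); deliberately small, unknown values are not guessed.
WINDOW_MESSAGES = {0x000C: "WM_SETTEXT", 0x000D: "WM_GETTEXT", 0x0146: "CB_GETCOUNT", 0x018B: "LB_GETCOUNT"}
CREATION_FLAGS = {
    0x00000004: "CREATE_SUSPENDED", 0x00000008: "DETACHED_PROCESS", 0x00000010: "CREATE_NEW_CONSOLE",
    0x00000020: "NORMAL_PRIORITY_CLASS", 0x00000400: "CREATE_UNICODE_ENVIRONMENT", 0x08000000: "CREATE_NO_WINDOW",
}
MB_ICONS = {0x10: "MB_ICONERROR", 0x20: "MB_ICONQUESTION", 0x30: "MB_ICONWARNING", 0x40: "MB_ICONINFORMATION"}


@dataclass
class ApiCall:
    name: str
    module: str
    args: List[Arg]
    ref: int                          # call-site address from "ref:"
    subcall_of: Optional[int] = None  # address of the subcall function, if the line was a "Part of subcall"
    notes: List[str] = field(default_factory=list)


def _parse_arg(tok: str) -> Arg:
    tok = tok.strip()
    if tok == "?":
        return None
    if re.fullmatch(r"[0-9A-Fa-f]{8}", tok):  # the report prints immediates as 8 hex digits
        return int(tok, 16)
    return tok


def _annotate(call: ApiCall) -> None:
    """Attach human-readable notes for the immediates this report's stanzas expose."""
    a = call.args
    if call.name == "SendMessageW" and len(a) >= 2 and isinstance(a[1], int):
        call.notes.append(WINDOW_MESSAGES.get(a[1], f"unknown message 0x{a[1]:04X}"))
    elif call.name == "CreateProcessW" and len(a) >= 6 and isinstance(a[5], int):
        flags = a[5]
        call.notes.extend(n for bit, n in CREATION_FLAGS.items() if flags & bit)
        if flags == 0:
            call.notes.append("no creation flags")
        if a[1] is None:  # lpCommandLine is "?": the analyzer could not resolve what gets launched
            call.notes.append("lpCommandLine not resolved statically")
    elif call.name == "MessageBoxW" and len(a) >= 4 and isinstance(a[3], int):
        call.notes.append(MB_ICONS.get(a[3] & 0xF0, f"uType 0x{a[3]:08X}"))


def parse_api_line(line: str) -> Optional[ApiCall]:
    m = _LINE_RE.match(line)
    if not m:
        return None
    raw = m.group("args")
    # The report separates arguments with "," and does not quote strings, so a string literal
    # containing a comma cannot be recovered; that is a limitation of the report format.
    args = [_parse_arg(t) for t in raw.split(",")] if raw else []
    call = ApiCall(name=m.group("name"), module=m.group("module"), args=args,
                   ref=int(m.group("ref"), 16),
                   subcall_of=int(m.group("sub"), 16) if m.group("sub") else None)
    _annotate(call)
    return call


def parse_api_lines(text: str) -> List[ApiCall]:
    return [c for c in (parse_api_line(l) for l in text.splitlines()) if c is not None]


def describe(call: ApiCall) -> str:
    rendered = ", ".join("?" if v is None else (f"0x{v:X}" if isinstance(v, int) else repr(v)) for v in call.args)
    s = f"{call.ref:08X}: {call.name}.{call.module}({rendered})"
    if call.subcall_of is not None:
        s += f" [via subcall {call.subcall_of:08X}]"
    if call.notes:
        s += "  ; " + "; ".join(call.notes)
    return s


if __name__ == "__main__":
    for c in parse_api_lines(SAMPLE_API_LINES):
        print(describe(c))
```

Read together with the "String ID: ComboBox$ListBox" entry of the same stanza, the LB_GETCOUNT annotation makes it plain that the SendMessageW call is list-box enumeration by the AutoIt runtime rather than something sample-specific; the CreateProcessW annotation shows that the report resolved only the flags and the two out-pointers, so the command line being launched has to come from dynamic analysis, not from this listing.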
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
• Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID: _wcslen
• String ID: 3, 3, 16, 1
• API String ID: 176396367-3042988571
• Opcode ID: db009123af979866040391a8bed0929c79182bc506630e41a9b6995443a981c0
• Instruction ID: c00d0eb15dacf46baa59accf8920158c6c40de63f10e7115156a014cc23ce660
• Opcode Fuzzy Hash: db009123af979866040391a8bed0929c79182bc506630e41a9b6995443a981c0
• Instruction Fuzzy Hash: 8CE02B4221422411963122799CC1D7F56C9CFDD750714182BFA81C22E6EB948D9393A1
APIs
• MessageBoxW.USER32(00000000,Error allocating memory.,AutoIt,00000010), ref: 001D0B23
Strings
Memory Dump Source
• Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
• Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID: Message
• String ID: AutoIt$Error allocating memory.
• API String ID: 2030045667-4017498283
• Opcode ID: 3df32c8579c7a63d4e795fb13c7d22f02cc090794163fe6f9e6970503f535857
• Instruction ID: 665acd57816adad1cda38a6744282bf48ef8c09f79068ecc4fff63b6370c6623
• Opcode Fuzzy Hash: 3df32c8579c7a63d4e795fb13c7d22f02cc090794163fe6f9e6970503f535857
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: AEE0D87124431866D31437947C07F897B848F19B61F20042BF748555C38BD225A00AE9
                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 0018F7C9: InitializeCriticalSectionAndSpinCount.KERNEL32(?,00000000,?,00190D71,?,?,?,0017100A), ref: 0018F7CE
                                                                                                                                                                                                                                                                                                                                                                                        • IsDebuggerPresent.KERNEL32(?,?,?,0017100A), ref: 00190D75
                                                                                                                                                                                                                                                                                                                                                                                        • OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,?,0017100A), ref: 00190D84
                                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                                        • ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 00190D7F
                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_170000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                        • API ID: CountCriticalDebugDebuggerInitializeOutputPresentSectionSpinString
                                                                                                                                                                                                                                                                                                                                                                                        • String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 55579361-631824599
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 3a71e90b8b3411a542481105a474091367f8f11ce0d411e9c0b5d8b832feae15
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 98c614750143cb92d5d5e3d036fa0abadacff642123084f95401341b3d6b66a2
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3a71e90b8b3411a542481105a474091367f8f11ce0d411e9c0b5d8b832feae15
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: C6E092B42003018FE7719FB8E5083427BE4BF18740F008A2DE896C6A92DBB0E4448B91
                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                        • __Init_thread_footer.LIBCMT ref: 0018E3D5
                                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_170000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                        • API ID: Init_thread_footer
                                                                                                                                                                                                                                                                                                                                                                                        • String ID: 0%$$8%$
                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 1385522511-2281168666
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: a9a9903f3fd9991d067161bba674dec5976b73bb2c8121963504bdc00edddd2f
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: f7b12c8e5a2dd460af28b61e95f81897fbed0ba2cd70c4ea5386c13025342aff
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: a9a9903f3fd9991d067161bba674dec5976b73bb2c8121963504bdc00edddd2f
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: DAE02635510910CFCA0DB719BA58A883391FB1A320BD00179F902871D19BB02D458B44
                                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                                        • GetTempPathW.KERNEL32(00000104,?,00000001), ref: 001E302F
                                                                                                                                                                                                                                                                                                                                                                                        • GetTempFileNameW.KERNEL32(?,aut,00000000,?), ref: 001E3044
                                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_170000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                        • API ID: Temp$FileNamePath
                                                                                                                                                                                                                                                                                                                                                                                        • String ID: aut
                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 3285503233-3010740371
                                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: a2e5ca1328d1fe39b7e9212b1ae438e7594d53d0298d1286f4e963c8c3f22497
                                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 8c03e6437de338dbb6f4e16d868a523811b504cc1d70ebe6ca1fe45eb6100279
• Opcode Fuzzy Hash: a2e5ca1328d1fe39b7e9212b1ae438e7594d53d0298d1286f4e963c8c3f22497
• Instruction Fuzzy Hash: B9D05EB25003287BDA20A7A4AC0EFCB3A6CDB05750F0002A1BA55E20D2DAB09984CAD0
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.1766811821.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
• Associated: 00000000.00000002.1766776315.0000000000170000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.000000000020C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1766914160.0000000000232000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767004731.000000000023C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1767065205.0000000000244000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID: LocalTime
• String ID: %.3d$X64
• API String ID: 481472006-1077770165
• Opcode ID: 63021897ed0dac421572eee8ffd6155a389da3e9b62ad2c95e7b158dac27746a
• Instruction ID: f8915733765dc89ea43b045d75ed1277cd3231d71ac27ca004769a4694f5be4f
• Opcode Fuzzy Hash: 63021897ed0dac421572eee8ffd6155a389da3e9b62ad2c95e7b158dac27746a
• Instruction Fuzzy Hash: BBD012A1C08208E9CB58A7D0EC49EBAB3BCEB29341F62847AFC0692040D734C6496B61
APIs
• FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 0020232C
• PostMessageW.USER32(00000000,00000111,00000197,00000000), ref: 0020233F
  • Part of subcall function 001DE97B: Sleep.KERNEL32 ref: 001DE9F3
Strings
Similarity
• API ID: FindMessagePostSleepWindow
• String ID: Shell_TrayWnd
• API String ID: 529655941-2988720461
• Opcode ID: c52619ade32fcb0b84a311cb62d375216ee39197c077406caf50e487a26f8d0c
• Instruction ID: 89687f85b978a6f68a46136b244ce637f9ec16073acb543a5780c7a580820257
• Opcode Fuzzy Hash: c52619ade32fcb0b84a311cb62d375216ee39197c077406caf50e487a26f8d0c
• Instruction Fuzzy Hash: C3D0A9B63D0300B6E66CB330AC0FFC6AA089B00B04F204A027205AA1D1C9A0A8008A50
APIs
• FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 0020236C
• PostMessageW.USER32(00000000), ref: 00202373
  • Part of subcall function 001DE97B: Sleep.KERNEL32 ref: 001DE9F3
Strings
Similarity
• API ID: FindMessagePostSleepWindow
• String ID: Shell_TrayWnd
• API String ID: 529655941-2988720461
• Opcode ID: 25c5ad8c835bbed398e2850f16b11f63ce403677aa2e1e95a3b1e7d29284eb31
• Instruction ID: a412bb99ff2518e60cb090b9bb8c0017f0c0d7299bde30ab2bee9437f2aabf7f
• Opcode Fuzzy Hash: 25c5ad8c835bbed398e2850f16b11f63ce403677aa2e1e95a3b1e7d29284eb31
• Instruction Fuzzy Hash: D9D0A9B23C13007AE66CB330AC0FFC6AA089B00B04F604A027201AA1D1C9A0A8008A54
APIs
• MultiByteToWideChar.KERNEL32(?,00000009,?,00000000,00000000,?,?,?,00000000,?,?,?,?,?,00000000,?), ref: 001ABE93
• GetLastError.KERNEL32 ref: 001ABEA1
• MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 001ABEFC
                                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                                        • API ID: ByteCharMultiWide$ErrorLast
                                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 1717984340-0